Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/modx/revolution@3.0.4-pl
Typecomposer
Namespacemodx
Namerevolution
Version3.0.4-pl
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.1.1-pl
Latest_non_vulnerable_version3.1.1-pl
Affected_by_vulnerabilities
0
url VCID-ec6v-85gf-tuha
vulnerability_id VCID-ec6v-85gf-tuha
summary A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-28010
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.40784
published_at 2026-06-12T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.40808
published_at 2026-06-13T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40617
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-28010
1
reference_url https://github.com/modxcms/revolution
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/modxcms/revolution
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-28010
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-28010
3
reference_url https://github.com/advisories/GHSA-hm54-fg2w-2g6j
reference_id GHSA-hm54-fg2w-2g6j
reference_type
scores
url https://github.com/advisories/GHSA-hm54-fg2w-2g6j
4
reference_url https://github.com/rtnthakur/CVE/blob/main/MODX/README.md
reference_id README.md
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T14:52:17Z/
url https://github.com/rtnthakur/CVE/blob/main/MODX/README.md
fixed_packages
0
url pkg:composer/modx/revolution@3.1.1-pl
purl pkg:composer/modx/revolution@3.1.1-pl
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/modx/revolution@3.1.1-pl
aliases CVE-2025-28010, GHSA-hm54-fg2w-2g6j
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ec6v-85gf-tuha
Fixing_vulnerabilities
Risk_score2.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/modx/revolution@3.0.4-pl