Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/ajenti@1.2.4
Typepypi
Namespace
Nameajenti
Version1.2.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.2.21.7
Latest_non_vulnerable_version1.2.21.7
Affected_by_vulnerabilities
0
url VCID-52g7-6zsa-dubc
vulnerability_id VCID-52g7-6zsa-dubc
summary Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.
references
0
reference_url http://secunia.com/advisories/59177
reference_id
reference_type
scores
url http://secunia.com/advisories/59177
1
reference_url https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120
reference_id
reference_type
scores
url https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120
2
reference_url https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti
reference_id
reference_type
scores
url https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti
3
reference_url http://www.securityfocus.com/bid/68047
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/68047
fixed_packages
0
url pkg:pypi/ajenti@1.2.21.7
purl pkg:pypi/ajenti@1.2.21.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ajenti@1.2.21.7
aliases CVE-2014-4301, PYSEC-2014-99
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-52g7-6zsa-dubc
1
url VCID-wfej-2cmn-ufap
vulnerability_id VCID-wfej-2cmn-ufap
summary Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.
references
0
reference_url http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html
1
reference_url https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310
reference_id
reference_type
scores
url https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310
2
reference_url https://github.com/Eugeny/ajenti/issues/233
reference_id
reference_type
scores
url https://github.com/Eugeny/ajenti/issues/233
3
reference_url http://www.osvdb.org/102174
reference_id
reference_type
scores
url http://www.osvdb.org/102174
4
reference_url http://www.securityfocus.com/bid/64982
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/64982
fixed_packages
0
url pkg:pypi/ajenti@1.2.14
purl pkg:pypi/ajenti@1.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-52g7-6zsa-dubc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ajenti@1.2.14
aliases CVE-2014-2260, PYSEC-2014-98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfej-2cmn-ufap
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/ajenti@1.2.4