Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/ezsystems/ezplatform-admin-ui@2.3.8
Typecomposer
Namespaceezsystems
Nameezplatform-admin-ui
Version2.3.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.3.39
Latest_non_vulnerable_version2.3.39
Affected_by_vulnerabilities
0
url VCID-t5ak-q84m-a3e3
vulnerability_id VCID-t5ak-q84m-a3e3
summary 
Ibexa eZ Platform Admin UI XSS vulnerabilities in back office
### Impact
This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor or Administrator role, or similar. Injected XSS is persistent and can be reflected in the front office, possibly affecting end users. The fixes ensure XSS is escaped, and any existing injected XSS is rendered harmless.

### Patches
- See "Patched versions".
- https://github.com/ezsystems/ezplatform-admin-ui/commit/acaa620d4ef44e7c20908dc389d48064f2c19e6d

### Workarounds
None.
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2025-003-xss-vulnerabilities-in-back-office
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2025-003-xss-vulnerabilities-in-back-office
1
reference_url https://github.com/ezsystems/ezplatform-admin-ui
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-admin-ui
2
reference_url https://github.com/ezsystems/ezplatform-admin-ui/commit/acaa620d4ef44e7c20908dc389d48064f2c19e6d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-admin-ui/commit/acaa620d4ef44e7c20908dc389d48064f2c19e6d
3
reference_url https://github.com/ezsystems/ezplatform-admin-ui/security/advisories/GHSA-r7pm-mw8g-p7px
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-admin-ui/security/advisories/GHSA-r7pm-mw8g-p7px
4
reference_url https://github.com/advisories/GHSA-r7pm-mw8g-p7px
reference_id GHSA-r7pm-mw8g-p7px
reference_type
scores
url https://github.com/advisories/GHSA-r7pm-mw8g-p7px
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-admin-ui@2.3.38
purl pkg:composer/ezsystems/ezplatform-admin-ui@2.3.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y4rw-8y82-4bem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-admin-ui@2.3.38
aliases GHSA-r7pm-mw8g-p7px
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5ak-q84m-a3e3
1
url VCID-y4rw-8y82-4bem
vulnerability_id VCID-y4rw-8y82-4bem
summary ezsystems/ezplatform-admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2025-004-xss-and-enumeration-vulnerabilities-in-back-office
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2025-004-xss-and-enumeration-vulnerabilities-in-back-office
1
reference_url https://github.com/ezsystems/ezplatform-admin-ui
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-admin-ui
2
reference_url https://github.com/advisories/GHSA-99c7-c3mw-mxhv
reference_id GHSA-99c7-c3mw-mxhv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-99c7-c3mw-mxhv
3
reference_url https://github.com/ezsystems/ezplatform-admin-ui/security/advisories/GHSA-99c7-c3mw-mxhv
reference_id GHSA-99c7-c3mw-mxhv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-admin-ui/security/advisories/GHSA-99c7-c3mw-mxhv
fixed_packages
0
url pkg:composer/ezsystems/ezplatform-admin-ui@2.3.39
purl pkg:composer/ezsystems/ezplatform-admin-ui@2.3.39
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-admin-ui@2.3.39
aliases GHSA-99c7-c3mw-mxhv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4rw-8y82-4bem
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezplatform-admin-ui@2.3.8