Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/ibexa/admin-ui-assets@4.6.20
Typecomposer
Namespaceibexa
Nameadmin-ui-assets
Version4.6.20
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.6.21
Latest_non_vulnerable_version4.6.21
Affected_by_vulnerabilities
0
url VCID-j41f-2p1g-b7e4
vulnerability_id VCID-j41f-2p1g-b7e4
summary 
Ibexa Admin UI assets XSS vulnerabilities in back office
### Impact
This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor or Administrator role, or similar. Injected XSS is persistent and can be reflected in the front office, possibly affecting end users. The fixes ensure XSS is escaped, and any existing injected XSS is rendered harmless.

### Patches
- See "Patched versions".
- https://github.com/ibexa/admin-ui-assets/commit/219b71b70aaea9321947d2dbeb49fff1b49e05f4

### Workarounds
None.
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2025-003-xss-vulnerabilities-in-back-office
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2025-003-xss-vulnerabilities-in-back-office
1
reference_url https://github.com/ibexa/admin-ui-assets
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ibexa/admin-ui-assets
2
reference_url https://github.com/ibexa/admin-ui-assets/commit/219b71b70aaea9321947d2dbeb49fff1b49e05f4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ibexa/admin-ui-assets/commit/219b71b70aaea9321947d2dbeb49fff1b49e05f4
3
reference_url https://github.com/ibexa/admin-ui-assets/security/advisories/GHSA-vhgq-r8gx-5fpv
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ibexa/admin-ui-assets/security/advisories/GHSA-vhgq-r8gx-5fpv
4
reference_url https://github.com/advisories/GHSA-vhgq-r8gx-5fpv
reference_id GHSA-vhgq-r8gx-5fpv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vhgq-r8gx-5fpv
fixed_packages
0
url pkg:composer/ibexa/admin-ui-assets@4.6.21
purl pkg:composer/ibexa/admin-ui-assets@4.6.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ibexa/admin-ui-assets@4.6.21
aliases GHSA-vhgq-r8gx-5fpv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j41f-2p1g-b7e4
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/ibexa/admin-ui-assets@4.6.20