Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/ajenti@1.2.19.5

Type pypi

Namespace

Name ajenti

Version 1.2.19.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.2.21.7

Latest_non_vulnerable_version 1.2.21.7

Affected_by_vulnerabilities

url VCID-52g7-6zsa-dubc

vulnerability_id VCID-52g7-6zsa-dubc

summary Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.

references

reference_url	http://secunia.com/advisories/59177
reference_id
reference_type
scores
url	http://secunia.com/advisories/59177

reference_url	https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120
reference_id
reference_type
scores
url	https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120

reference_url	https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti
reference_id
reference_type
scores
url	https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti

reference_url	http://www.securityfocus.com/bid/68047
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/68047

fixed_packages

url	pkg:pypi/ajenti@1.2.21.7
purl	pkg:pypi/ajenti@1.2.21.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/ajenti@1.2.21.7

aliases CVE-2014-4301, PYSEC-2014-99

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-52g7-6zsa-dubc

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ajenti@1.2.19.5

Package Instance