Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/novosga/novosga@1.0.3

Type composer

Namespace novosga

Name novosga

Version 1.0.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-82dv-za7h-dfd8

vulnerability_id VCID-82dv-za7h-dfd8

summary A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-10909

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02618
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-10909

reference_url

https://github.com/novosga/novosga

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/novosga/novosga

reference_url

https://hackmd.io/@noka/B1qwCyR9ll

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://hackmd.io/@noka/B1qwCyR9ll

reference_url

https://hackmd.io/@noka/B1qwCyR9ll#%E2%9E%A4-Payload

reference_id

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://hackmd.io/@noka/B1qwCyR9ll#%E2%9E%A4-Payload

reference_url

https://vuldb.com/?ctiid.325696

reference_id

?ctiid.325696

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:C

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

value	2.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T17:50:37Z/

url

https://vuldb.com/?ctiid.325696

reference_url

https://karinagante.github.io/cve-2025-10909/

reference_id

cve-2025-10909

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:C

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

value	2.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T17:50:37Z/

url

https://karinagante.github.io/cve-2025-10909/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-10909

reference_id

CVE-2025-10909

reference_type

scores

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-10909

reference_url

https://github.com/advisories/GHSA-4c44-r8rm-3p39

reference_id

GHSA-4c44-r8rm-3p39

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4c44-r8rm-3p39

reference_url

https://vuldb.com/?id.325696

reference_id

?id.325696

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:C

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

value	2.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T17:50:37Z/

url

https://vuldb.com/?id.325696

reference_url

https://karinagante.github.io/cve-2025-10909/#proof-of-concept-poc

reference_id

#proof-of-concept-poc

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:C

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

value	2.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T17:50:37Z/

url

https://karinagante.github.io/cve-2025-10909/#proof-of-concept-poc

reference_url

https://vuldb.com/?submit.651379

reference_id

?submit.651379

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:C

value	2.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

value	2.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

value	2.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

value	1.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T17:50:37Z/

url

https://vuldb.com/?submit.651379

fixed_packages

url pkg:composer/novosga/novosga@2.2.10

purl pkg:composer/novosga/novosga@2.2.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84x4-ssdc-u7f2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.10

aliases CVE-2025-10909, GHSA-4c44-r8rm-3p39

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-82dv-za7h-dfd8

url

VCID-84x4-ssdc-u7f2

vulnerability_id

VCID-84x4-ssdc-u7f2

summary

A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirmação da senha can lead to weak password requirements. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is regarded as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11322

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.14915
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11322

reference_url

https://github.com/novosga/novosga

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/novosga/novosga

reference_url

https://vuldb.com/?ctiid.327203

reference_id

?ctiid.327203

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T17:17:41Z/

url

https://vuldb.com/?ctiid.327203

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-11322

reference_id

CVE-2025-11322

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-11322

reference_url

https://github.com/marcelomulder/CVE/blob/main/NovoSga/CVE-2025-11322.md

reference_id

CVE-2025-11322.md

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T17:17:41Z/

url

https://github.com/marcelomulder/CVE/blob/main/NovoSga/CVE-2025-11322.md

reference_url

https://github.com/advisories/GHSA-xgr2-5837-hf48

reference_id

GHSA-xgr2-5837-hf48

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xgr2-5837-hf48

reference_url

https://vuldb.com/?id.327203

reference_id

?id.327203

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T17:17:41Z/

url

https://vuldb.com/?id.327203

reference_url

https://vuldb.com/?submit.664517

reference_id

?submit.664517

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T17:17:41Z/

url

https://vuldb.com/?submit.664517

reference_url

https://github.com/marcelomulder/CVE/blob/main/NovoSga/Weak%20Password%20Policy%20in%20Novosga.md

reference_id

Weak%20Password%20Policy%20in%20Novosga.md

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

value	2.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-06T17:17:41Z/

url

https://github.com/marcelomulder/CVE/blob/main/NovoSga/Weak%20Password%20Policy%20in%20Novosga.md

fixed_packages

aliases

CVE-2025-11322, GHSA-xgr2-5837-hf48

risk_score

2.9

exploitability

0.5

weighted_severity

5.7

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-84x4-ssdc-u7f2

Fixing_vulnerabilities

Risk_score 2.9

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.0.3

Package Instance