Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-van9-c9qy-5bh5
Summary
Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts
Craft CMS `3.70-RC1`–`3.7.55.1` and `4.0.0-RC1`–`4.2.0.1` are vulnerable to Cross Site Scripting (XSS) via entry revisions and drafts. Versions `3.7.55.2` and `4.2.1` contain patches for this issue.
Aliases
0
alias CVE-2022-37251
1
alias GHSA-mw37-wx8p-gp45
Fixed_packages
0
url pkg:composer/craftcms/cms@4.2.0.2
purl pkg:composer/craftcms/cms@4.2.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1468-4fdx-kbfr
1
vulnerability VCID-1mb5-28xp-ckd2
2
vulnerability VCID-2vn9-2cs3-vbg3
3
vulnerability VCID-41uv-1axm-fugb
4
vulnerability VCID-41y2-tucq-ykaj
5
vulnerability VCID-4wkr-jx1w-77hn
6
vulnerability VCID-5cxe-tjpb-3qan
7
vulnerability VCID-5mnd-qvaq-k3am
8
vulnerability VCID-5pur-jy1x-gfhv
9
vulnerability VCID-6hcd-ayyh-3fdb
10
vulnerability VCID-71sv-62m4-z3er
11
vulnerability VCID-7y4f-ef7t-47eb
12
vulnerability VCID-83rt-3tyj-qbgx
13
vulnerability VCID-8u2j-17a4-q7eh
14
vulnerability VCID-9ca4-tbhq-27ad
15
vulnerability VCID-9enr-b6zd-mbh8
16
vulnerability VCID-aajd-9qsf-37cr
17
vulnerability VCID-akrv-yqnf-1kg8
18
vulnerability VCID-azr5-12f8-hfbm
19
vulnerability VCID-c2nk-y4rx-1qf4
20
vulnerability VCID-chep-xthg-zuee
21
vulnerability VCID-cys8-jnmu-77ec
22
vulnerability VCID-dz26-b2ts-puep
23
vulnerability VCID-e94m-mj1k-8kbr
24
vulnerability VCID-eaxm-rjr7-xudb
25
vulnerability VCID-ec34-nvn3-qbcb
26
vulnerability VCID-efwv-r3nc-73h9
27
vulnerability VCID-f7gc-cgka-tycr
28
vulnerability VCID-fpea-e48p-kfbn
29
vulnerability VCID-fpke-p7sz-nfc9
30
vulnerability VCID-gzry-xtu5-ukhu
31
vulnerability VCID-h6t5-pdp5-8qhe
32
vulnerability VCID-hkp9-3hzv-quhk
33
vulnerability VCID-hm7h-7cu3-8be1
34
vulnerability VCID-hyct-5gap-7kdu
35
vulnerability VCID-jeyh-3jxd-z3g6
36
vulnerability VCID-jhen-vhqx-n7dr
37
vulnerability VCID-jsfs-azcs-mfcm
38
vulnerability VCID-jxet-d8ux-mkge
39
vulnerability VCID-jxz8-g6fq-dubw
40
vulnerability VCID-kbrc-85av-nfcn
41
vulnerability VCID-m5rf-usae-yfb7
42
vulnerability VCID-nmzu-mefv-tqeh
43
vulnerability VCID-ppet-ruae-1kav
44
vulnerability VCID-qcwp-su57-9fa1
45
vulnerability VCID-qq68-3j4y-47am
46
vulnerability VCID-qwmy-d2e8-5khw
47
vulnerability VCID-qywv-vf4r-8bh9
48
vulnerability VCID-r5hp-5nju-9ubz
49
vulnerability VCID-rb7c-3nkc-gkeg
50
vulnerability VCID-rzq4-h1ms-nqef
51
vulnerability VCID-sa99-8awj-eycd
52
vulnerability VCID-twuy-wzb7-k7g3
53
vulnerability VCID-tzjk-x116-ayge
54
vulnerability VCID-vasz-rnn1-67ev
55
vulnerability VCID-w9yn-1573-hyau
56
vulnerability VCID-wcx6-wed9-gub2
57
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.2.0.2
1
url pkg:composer/craftcms/cms@4.2.1
purl pkg:composer/craftcms/cms@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1468-4fdx-kbfr
1
vulnerability VCID-1mb5-28xp-ckd2
2
vulnerability VCID-2vn9-2cs3-vbg3
3
vulnerability VCID-41uv-1axm-fugb
4
vulnerability VCID-41y2-tucq-ykaj
5
vulnerability VCID-4wkr-jx1w-77hn
6
vulnerability VCID-5cxe-tjpb-3qan
7
vulnerability VCID-5mnd-qvaq-k3am
8
vulnerability VCID-5pur-jy1x-gfhv
9
vulnerability VCID-6hcd-ayyh-3fdb
10
vulnerability VCID-71sv-62m4-z3er
11
vulnerability VCID-7y4f-ef7t-47eb
12
vulnerability VCID-83rt-3tyj-qbgx
13
vulnerability VCID-8u2j-17a4-q7eh
14
vulnerability VCID-9ca4-tbhq-27ad
15
vulnerability VCID-9enr-b6zd-mbh8
16
vulnerability VCID-aajd-9qsf-37cr
17
vulnerability VCID-akrv-yqnf-1kg8
18
vulnerability VCID-azr5-12f8-hfbm
19
vulnerability VCID-c2nk-y4rx-1qf4
20
vulnerability VCID-chep-xthg-zuee
21
vulnerability VCID-cys8-jnmu-77ec
22
vulnerability VCID-dz26-b2ts-puep
23
vulnerability VCID-e94m-mj1k-8kbr
24
vulnerability VCID-eaxm-rjr7-xudb
25
vulnerability VCID-ec34-nvn3-qbcb
26
vulnerability VCID-efwv-r3nc-73h9
27
vulnerability VCID-f7gc-cgka-tycr
28
vulnerability VCID-fpea-e48p-kfbn
29
vulnerability VCID-fpke-p7sz-nfc9
30
vulnerability VCID-gzry-xtu5-ukhu
31
vulnerability VCID-h6t5-pdp5-8qhe
32
vulnerability VCID-hkp9-3hzv-quhk
33
vulnerability VCID-hm7h-7cu3-8be1
34
vulnerability VCID-hyct-5gap-7kdu
35
vulnerability VCID-jeyh-3jxd-z3g6
36
vulnerability VCID-jhen-vhqx-n7dr
37
vulnerability VCID-jsfs-azcs-mfcm
38
vulnerability VCID-jxet-d8ux-mkge
39
vulnerability VCID-jxz8-g6fq-dubw
40
vulnerability VCID-kbrc-85av-nfcn
41
vulnerability VCID-m5rf-usae-yfb7
42
vulnerability VCID-nmzu-mefv-tqeh
43
vulnerability VCID-ppet-ruae-1kav
44
vulnerability VCID-qcwp-su57-9fa1
45
vulnerability VCID-qq68-3j4y-47am
46
vulnerability VCID-qwmy-d2e8-5khw
47
vulnerability VCID-qywv-vf4r-8bh9
48
vulnerability VCID-r5hp-5nju-9ubz
49
vulnerability VCID-rb7c-3nkc-gkeg
50
vulnerability VCID-rzq4-h1ms-nqef
51
vulnerability VCID-sa99-8awj-eycd
52
vulnerability VCID-twuy-wzb7-k7g3
53
vulnerability VCID-tzjk-x116-ayge
54
vulnerability VCID-vasz-rnn1-67ev
55
vulnerability VCID-w9yn-1573-hyau
56
vulnerability VCID-wcx6-wed9-gub2
57
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.2.1
Affected_packages
0
url pkg:composer/craftcms/cms@3.7.0-beta.1
purl pkg:composer/craftcms/cms@3.7.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9x-ax4j-3yha
1
vulnerability VCID-41y2-tucq-ykaj
2
vulnerability VCID-5mnd-qvaq-k3am
3
vulnerability VCID-5pur-jy1x-gfhv
4
vulnerability VCID-6hcd-ayyh-3fdb
5
vulnerability VCID-8pjj-w8h7-p7ga
6
vulnerability VCID-aajd-9qsf-37cr
7
vulnerability VCID-c2nk-y4rx-1qf4
8
vulnerability VCID-c9mw-1at1-ebaz
9
vulnerability VCID-chep-xthg-zuee
10
vulnerability VCID-cwm6-qf1f-2keb
11
vulnerability VCID-dz26-b2ts-puep
12
vulnerability VCID-ec34-nvn3-qbcb
13
vulnerability VCID-eecq-8t4y-kka3
14
vulnerability VCID-fpea-e48p-kfbn
15
vulnerability VCID-hkp9-3hzv-quhk
16
vulnerability VCID-hm7h-7cu3-8be1
17
vulnerability VCID-jhen-vhqx-n7dr
18
vulnerability VCID-jxet-d8ux-mkge
19
vulnerability VCID-qcwp-su57-9fa1
20
vulnerability VCID-qq68-3j4y-47am
21
vulnerability VCID-rb7c-3nkc-gkeg
22
vulnerability VCID-s5v6-e631-17f5
23
vulnerability VCID-u4t8-gkkb-73bv
24
vulnerability VCID-van9-c9qy-5bh5
25
vulnerability VCID-vbz3-3rqd-3fh6
26
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.7.0-beta.1
1
url pkg:composer/craftcms/cms@4.0.0-RC1
purl pkg:composer/craftcms/cms@4.0.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1468-4fdx-kbfr
1
vulnerability VCID-1mb5-28xp-ckd2
2
vulnerability VCID-27cr-w1um-d3e5
3
vulnerability VCID-2vn9-2cs3-vbg3
4
vulnerability VCID-41y2-tucq-ykaj
5
vulnerability VCID-5cxe-tjpb-3qan
6
vulnerability VCID-5mnd-qvaq-k3am
7
vulnerability VCID-5pur-jy1x-gfhv
8
vulnerability VCID-6gwq-1fda-xkcj
9
vulnerability VCID-6h71-zkte-v3ev
10
vulnerability VCID-71sv-62m4-z3er
11
vulnerability VCID-7y4f-ef7t-47eb
12
vulnerability VCID-83rt-3tyj-qbgx
13
vulnerability VCID-8u2j-17a4-q7eh
14
vulnerability VCID-91sx-dk5s-dycz
15
vulnerability VCID-9enr-b6zd-mbh8
16
vulnerability VCID-aajd-9qsf-37cr
17
vulnerability VCID-akrv-yqnf-1kg8
18
vulnerability VCID-azr5-12f8-hfbm
19
vulnerability VCID-c2nk-y4rx-1qf4
20
vulnerability VCID-chep-xthg-zuee
21
vulnerability VCID-cys8-jnmu-77ec
22
vulnerability VCID-dz26-b2ts-puep
23
vulnerability VCID-e94m-mj1k-8kbr
24
vulnerability VCID-eaxm-rjr7-xudb
25
vulnerability VCID-ec34-nvn3-qbcb
26
vulnerability VCID-efwv-r3nc-73h9
27
vulnerability VCID-f7gc-cgka-tycr
28
vulnerability VCID-fpea-e48p-kfbn
29
vulnerability VCID-fpke-p7sz-nfc9
30
vulnerability VCID-gzry-xtu5-ukhu
31
vulnerability VCID-h6t5-pdp5-8qhe
32
vulnerability VCID-hkp9-3hzv-quhk
33
vulnerability VCID-hm7h-7cu3-8be1
34
vulnerability VCID-hyct-5gap-7kdu
35
vulnerability VCID-jeyh-3jxd-z3g6
36
vulnerability VCID-jhen-vhqx-n7dr
37
vulnerability VCID-jsfs-azcs-mfcm
38
vulnerability VCID-jxet-d8ux-mkge
39
vulnerability VCID-jxz8-g6fq-dubw
40
vulnerability VCID-kbrc-85av-nfcn
41
vulnerability VCID-m5rf-usae-yfb7
42
vulnerability VCID-nmzu-mefv-tqeh
43
vulnerability VCID-ppet-ruae-1kav
44
vulnerability VCID-qcwp-su57-9fa1
45
vulnerability VCID-qq68-3j4y-47am
46
vulnerability VCID-qwmy-d2e8-5khw
47
vulnerability VCID-qywv-vf4r-8bh9
48
vulnerability VCID-r5hp-5nju-9ubz
49
vulnerability VCID-rb7c-3nkc-gkeg
50
vulnerability VCID-rzq4-h1ms-nqef
51
vulnerability VCID-sa99-8awj-eycd
52
vulnerability VCID-twuy-wzb7-k7g3
53
vulnerability VCID-tzjk-x116-ayge
54
vulnerability VCID-van9-c9qy-5bh5
55
vulnerability VCID-vasz-rnn1-67ev
56
vulnerability VCID-w9yn-1573-hyau
57
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.0.0-RC1
2
url pkg:composer/craftcms/cms@4.2.0%2B1
purl pkg:composer/craftcms/cms@4.2.0%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-27cr-w1um-d3e5
1
vulnerability VCID-6gwq-1fda-xkcj
2
vulnerability VCID-6h71-zkte-v3ev
3
vulnerability VCID-91sx-dk5s-dycz
4
vulnerability VCID-van9-c9qy-5bh5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.2.0%252B1
3
url pkg:composer/craftcms/cms@4.2.0.1
purl pkg:composer/craftcms/cms@4.2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1468-4fdx-kbfr
1
vulnerability VCID-1mb5-28xp-ckd2
2
vulnerability VCID-27cr-w1um-d3e5
3
vulnerability VCID-2vn9-2cs3-vbg3
4
vulnerability VCID-41uv-1axm-fugb
5
vulnerability VCID-41y2-tucq-ykaj
6
vulnerability VCID-4wkr-jx1w-77hn
7
vulnerability VCID-5cxe-tjpb-3qan
8
vulnerability VCID-5mnd-qvaq-k3am
9
vulnerability VCID-5pur-jy1x-gfhv
10
vulnerability VCID-6gwq-1fda-xkcj
11
vulnerability VCID-6h71-zkte-v3ev
12
vulnerability VCID-6hcd-ayyh-3fdb
13
vulnerability VCID-71sv-62m4-z3er
14
vulnerability VCID-7y4f-ef7t-47eb
15
vulnerability VCID-83rt-3tyj-qbgx
16
vulnerability VCID-8u2j-17a4-q7eh
17
vulnerability VCID-91sx-dk5s-dycz
18
vulnerability VCID-9ca4-tbhq-27ad
19
vulnerability VCID-9enr-b6zd-mbh8
20
vulnerability VCID-aajd-9qsf-37cr
21
vulnerability VCID-akrv-yqnf-1kg8
22
vulnerability VCID-azr5-12f8-hfbm
23
vulnerability VCID-c2nk-y4rx-1qf4
24
vulnerability VCID-chep-xthg-zuee
25
vulnerability VCID-cys8-jnmu-77ec
26
vulnerability VCID-dz26-b2ts-puep
27
vulnerability VCID-e94m-mj1k-8kbr
28
vulnerability VCID-eaxm-rjr7-xudb
29
vulnerability VCID-ec34-nvn3-qbcb
30
vulnerability VCID-efwv-r3nc-73h9
31
vulnerability VCID-f7gc-cgka-tycr
32
vulnerability VCID-fpea-e48p-kfbn
33
vulnerability VCID-fpke-p7sz-nfc9
34
vulnerability VCID-gzry-xtu5-ukhu
35
vulnerability VCID-h6t5-pdp5-8qhe
36
vulnerability VCID-hkp9-3hzv-quhk
37
vulnerability VCID-hm7h-7cu3-8be1
38
vulnerability VCID-hyct-5gap-7kdu
39
vulnerability VCID-jeyh-3jxd-z3g6
40
vulnerability VCID-jhen-vhqx-n7dr
41
vulnerability VCID-jsfs-azcs-mfcm
42
vulnerability VCID-jxet-d8ux-mkge
43
vulnerability VCID-jxz8-g6fq-dubw
44
vulnerability VCID-kbrc-85av-nfcn
45
vulnerability VCID-m5rf-usae-yfb7
46
vulnerability VCID-nmzu-mefv-tqeh
47
vulnerability VCID-ppet-ruae-1kav
48
vulnerability VCID-qcwp-su57-9fa1
49
vulnerability VCID-qq68-3j4y-47am
50
vulnerability VCID-qwmy-d2e8-5khw
51
vulnerability VCID-qywv-vf4r-8bh9
52
vulnerability VCID-r5hp-5nju-9ubz
53
vulnerability VCID-rb7c-3nkc-gkeg
54
vulnerability VCID-rzq4-h1ms-nqef
55
vulnerability VCID-sa99-8awj-eycd
56
vulnerability VCID-twuy-wzb7-k7g3
57
vulnerability VCID-tzjk-x116-ayge
58
vulnerability VCID-van9-c9qy-5bh5
59
vulnerability VCID-vasz-rnn1-67ev
60
vulnerability VCID-w9yn-1573-hyau
61
vulnerability VCID-wcx6-wed9-gub2
62
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@4.2.0.1
References
0
reference_url http://craft.com
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://craft.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37251
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.55713
published_at 2026-06-07T12:55:00Z
1
value 0.00323
scoring_system epss
scoring_elements 0.55725
published_at 2026-06-06T12:55:00Z
2
value 0.00323
scoring_system epss
scoring_elements 0.5572
published_at 2026-06-05T12:55:00Z
3
value 0.00323
scoring_system epss
scoring_elements 0.55663
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37251
2
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
3
reference_url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#421---2022-08-09
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#421---2022-08-09
4
reference_url https://github.com/craftcms/cms/commit/7139213dbd9e177a3528aac8e2db8de91830f118
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/7139213dbd9e177a3528aac8e2db8de91830f118
5
reference_url https://github.com/craftcms/cms/commit/919c9074ff8596bf30a629b0888c529793e9a903
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/919c9074ff8596bf30a629b0888c529793e9a903
6
reference_url https://github.com/craftcms/cms/commit/f0d9b8a1e3ac005a2418f7d3d9059b49a96e73ea
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms/commit/f0d9b8a1e3ac005a2418f7d3d9059b49a96e73ea
7
reference_url https://labs.integrity.pt/advisories/cve-2022-37251
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://labs.integrity.pt/advisories/cve-2022-37251
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-37251
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-37251
9
reference_url https://labs.integrity.pt/advisories/cve-2022-37251/
reference_id CVE-2022-37251
reference_type
scores
url https://labs.integrity.pt/advisories/cve-2022-37251/
10
reference_url https://github.com/advisories/GHSA-mw37-wx8p-gp45
reference_id GHSA-mw37-wx8p-gp45
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mw37-wx8p-gp45
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-van9-c9qy-5bh5