{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112604?format=json","vulnerability_id":"VCID-82dv-za7h-dfd8","summary":"A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.","aliases":[{"alias":"CVE-2025-10909"},{"alias":"GHSA-4c44-r8rm-3p39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/856513?format=json","purl":"pkg:composer/novosga/novosga@2.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.10"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/856450?format=json","purl":"pkg:composer/novosga/novosga@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/856451?format=json","purl":"pkg:composer/novosga/novosga@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/856452?format=json","purl":"pkg:composer/novosga/novosga@1.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/856453?format=json","purl":"pkg:composer/novosga/novosga@1.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/856454?format=json","purl":"pkg:composer/novosga/novosga@1.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/856455?format=json","purl":"pkg:composer/novosga/novosga@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/856456?format=json","purl":"pkg:composer/novosga/novosga@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/856457?format=json","purl":"pkg:composer/novosga/novosga@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/856458?format=json","purl":"pkg:composer/novosga/novosga@1.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/856459?format=json","purl":"pkg:composer/novosga/novosga@1.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/856460?format=json","purl":"pkg:composer/novosga/novosga@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/856461?format=json","purl":"pkg:composer/novosga/novosga@1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/856462?format=json","purl":"pkg:composer/novosga/novosga@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/856463?format=json","purl":"pkg:composer/novosga/novosga@1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/856464?format=json","purl":"pkg:composer/novosga/novosga@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/856465?format=json","purl":"pkg:composer/novosga/novosga@1.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/856466?format=json","purl":"pkg:composer/novosga/novosga@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/856467?format=json","purl":"pkg:composer/novosga/novosga@1.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/856468?format=json","purl":"pkg:composer/novosga/novosga@1.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/856469?format=json","purl":"pkg:composer/novosga/novosga@1.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/856470?format=json","purl":"pkg:composer/novosga/novosga@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@1.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/856471?format=json","purl":"pkg:composer/novosga/novosga@2.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/856472?format=json","purl":"pkg:composer/novosga/novosga@2.0.0-BETA2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.0-BETA2"},{"url":"http://public2.vulnerablecode.io/api/packages/856473?format=json","purl":"pkg:composer/novosga/novosga@2.0.0-BETA3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.0-BETA3"},{"url":"http://public2.vulnerablecode.io/api/packages/856474?format=json","purl":"pkg:composer/novosga/novosga@2.0.0-BETA4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.0-BETA4"},{"url":"http://public2.vulnerablecode.io/api/packages/856475?format=json","purl":"pkg:composer/novosga/novosga@2.0.0-BETA5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.0-BETA5"},{"url":"http://public2.vulnerablecode.io/api/packages/856476?format=json","purl":"pkg:composer/novosga/novosga@2.0.0-BETA6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.0-BETA6"},{"url":"http://public2.vulnerablecode.io/api/packages/856477?format=json","purl":"pkg:composer/novosga/novosga@2.0.0-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.0-RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/856478?format=json","purl":"pkg:composer/novosga/novosga@2.0.0-RC2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.0-RC2"},{"url":"http://public2.vulnerablecode.io/api/packages/856479?format=json","purl":"pkg:composer/novosga/novosga@2.0.0-RC3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.0-RC3"},{"url":"http://public2.vulnerablecode.io/api/packages/856480?format=json","purl":"pkg:composer/novosga/novosga@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/856481?format=json","purl":"pkg:composer/novosga/novosga@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/856482?format=json","purl":"pkg:composer/novosga/novosga@2.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/856483?format=json","purl":"pkg:composer/novosga/novosga@2.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/856484?format=json","purl":"pkg:composer/novosga/novosga@2.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/856485?format=json","purl":"pkg:composer/novosga/novosga@2.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/856486?format=json","purl":"pkg:composer/novosga/novosga@2.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/856487?format=json","purl":"pkg:composer/novosga/novosga@2.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/856488?format=json","purl":"pkg:composer/novosga/novosga@2.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/856489?format=json","purl":"pkg:composer/novosga/novosga@2.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/856490?format=json","purl":"pkg:composer/novosga/novosga@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/856491?format=json","purl":"pkg:composer/novosga/novosga@2.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/856492?format=json","purl":"pkg:composer/novosga/novosga@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/856493?format=json","purl":"pkg:composer/novosga/novosga@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/856494?format=json","purl":"pkg:composer/novosga/novosga@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/856495?format=json","purl":"pkg:composer/novosga/novosga@2.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/856496?format=json","purl":"pkg:composer/novosga/novosga@2.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/856497?format=json","purl":"pkg:composer/novosga/novosga@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/856498?format=json","purl":"pkg:composer/novosga/novosga@2.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/856499?format=json","purl":"pkg:composer/novosga/novosga@2.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/856500?format=json","purl":"pkg:composer/novosga/novosga@2.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/856501?format=json","purl":"pkg:composer/novosga/novosga@2.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/856502?format=json","purl":"pkg:composer/novosga/novosga@2.2.0-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.0-beta.1"},{"url":"http://public2.vulnerablecode.io/api/packages/856503?format=json","purl":"pkg:composer/novosga/novosga@2.2.0-beta.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.0-beta.2"},{"url":"http://public2.vulnerablecode.io/api/packages/856504?format=json","purl":"pkg:composer/novosga/novosga@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/856505?format=json","purl":"pkg:composer/novosga/novosga@2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/856506?format=json","purl":"pkg:composer/novosga/novosga@2.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/856507?format=json","purl":"pkg:composer/novosga/novosga@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/856508?format=json","purl":"pkg:composer/novosga/novosga@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/856509?format=json","purl":"pkg:composer/novosga/novosga@2.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/856510?format=json","purl":"pkg:composer/novosga/novosga@2.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/856511?format=json","purl":"pkg:composer/novosga/novosga@2.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/856512?format=json","purl":"pkg:composer/novosga/novosga@2.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/33931?format=json","purl":"pkg:composer/novosga/novosga@2.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82dv-za7h-dfd8"},{"vulnerability":"VCID-84x4-ssdc-u7f2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/novosga/novosga@2.2.9"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10909","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02618","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02612","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02622","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-10909"},{"reference_url":"https://github.com/novosga/novosga","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/novosga/novosga"},{"reference_url":"https://hackmd.io/@noka/B1qwCyR9ll","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackmd.io/@noka/B1qwCyR9ll"},{"reference_url":"https://hackmd.io/@noka/B1qwCyR9ll#%E2%9E%A4-Payload","reference_id":"","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackmd.io/@noka/B1qwCyR9ll#%E2%9E%A4-Payload"},{"reference_url":"https://vuldb.com/?ctiid.325696","reference_id":"?ctiid.325696","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:C"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C"},{"value":"2.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T17:50:37Z/"}],"url":"https://vuldb.com/?ctiid.325696"},{"reference_url":"https://karinagante.github.io/cve-2025-10909/","reference_id":"cve-2025-10909","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:C"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C"},{"value":"2.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T17:50:37Z/"}],"url":"https://karinagante.github.io/cve-2025-10909/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10909","reference_id":"CVE-2025-10909","reference_type":"","scores":[{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10909"},{"reference_url":"https://github.com/advisories/GHSA-4c44-r8rm-3p39","reference_id":"GHSA-4c44-r8rm-3p39","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4c44-r8rm-3p39"},{"reference_url":"https://vuldb.com/?id.325696","reference_id":"?id.325696","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:C"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C"},{"value":"2.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T17:50:37Z/"}],"url":"https://vuldb.com/?id.325696"},{"reference_url":"https://karinagante.github.io/cve-2025-10909/#proof-of-concept-poc","reference_id":"#proof-of-concept-poc","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:C"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C"},{"value":"2.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T17:50:37Z/"}],"url":"https://karinagante.github.io/cve-2025-10909/#proof-of-concept-poc"},{"reference_url":"https://vuldb.com/?submit.651379","reference_id":"?submit.651379","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:C"},{"value":"2.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C"},{"value":"2.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C"},{"value":"2.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-24T17:50:37Z/"}],"url":"https://vuldb.com/?submit.651379"}],"weaknesses":[{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."},{"cwe_id":94,"name":"Improper Control of Generation of Code ('Code Injection')","description":"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"0.1 - 4.8","exploitability":"0.5","weighted_severity":"4.3","risk_score":2.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-82dv-za7h-dfd8"}