Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-8uy7-21ts-b3aj
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
Aliases
0
alias CVE-2010-2103
1
alias GHSA-23x8-j7hm-5xwf
Fixed_packages
0
url pkg:deb/debian/axis@0?distro=trixie
purl pkg:deb/debian/axis@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/axis@0%3Fdistro=trixie
1
url pkg:deb/debian/axis@1.4-28%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/axis@1.4-28%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/axis@1.4-28%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/axis@1.4-28%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/axis@1.4-28%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/axis@1.4-28%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/axis@1.4-29?distro=trixie
purl pkg:deb/debian/axis@1.4-29?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/axis@1.4-29%3Fdistro=trixie
4
url pkg:maven/org.apache.axis2.wso2/axis2@1.6.0
purl pkg:maven/org.apache.axis2.wso2/axis2@1.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.axis2.wso2/axis2@1.6.0
Affected_packages
0
url pkg:maven/org.apache.axis2.wso2/axis2@1.4.1
purl pkg:maven/org.apache.axis2.wso2/axis2@1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8uy7-21ts-b3aj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.axis2.wso2/axis2@1.4.1
References
0
reference_url http://osvdb.org/64844
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://osvdb.org/64844
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2103.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2103.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-2103
reference_id
reference_type
scores
0
value 0.21768
scoring_system epss
scoring_elements 0.95745
published_at 2026-04-09T12:55:00Z
1
value 0.21768
scoring_system epss
scoring_elements 0.95741
published_at 2026-04-08T12:55:00Z
2
value 0.21768
scoring_system epss
scoring_elements 0.95713
published_at 2026-04-01T12:55:00Z
3
value 0.21768
scoring_system epss
scoring_elements 0.95732
published_at 2026-04-07T12:55:00Z
4
value 0.21768
scoring_system epss
scoring_elements 0.95729
published_at 2026-04-04T12:55:00Z
5
value 0.21768
scoring_system epss
scoring_elements 0.95722
published_at 2026-04-02T12:55:00Z
6
value 0.26903
scoring_system epss
scoring_elements 0.96378
published_at 2026-04-29T12:55:00Z
7
value 0.26903
scoring_system epss
scoring_elements 0.96358
published_at 2026-04-12T12:55:00Z
8
value 0.26903
scoring_system epss
scoring_elements 0.96361
published_at 2026-04-13T12:55:00Z
9
value 0.26903
scoring_system epss
scoring_elements 0.96369
published_at 2026-04-16T12:55:00Z
10
value 0.26903
scoring_system epss
scoring_elements 0.96374
published_at 2026-04-18T12:55:00Z
11
value 0.26903
scoring_system epss
scoring_elements 0.96376
published_at 2026-04-21T12:55:00Z
12
value 0.26903
scoring_system epss
scoring_elements 0.96377
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-2103
3
reference_url http://secunia.com/advisories/39906
reference_id
reference_type
scores
url http://secunia.com/advisories/39906
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/58790
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/58790
5
reference_url https://kb.juniper.net/KB27373
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://kb.juniper.net/KB27373
6
reference_url http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
7
reference_url http://www.exploit-db.com/exploits/12689
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.exploit-db.com/exploits/12689
8
reference_url http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03
9
reference_url http://www.securityfocus.com/archive/1/511404/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/511404/100/0/threaded
10
reference_url http://www.securityfocus.com/bid/40327
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/40327
11
reference_url http://www.vupen.com/english/advisories/2010/1215
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2010/1215
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=624026
reference_id 624026
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=624026
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:3com:intelligent_management_center:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:3com:intelligent_management_center:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:3com:intelligent_management_center:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sap:business_objects:12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sap:business_objects:12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sap:business_objects:12:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-2103
reference_id CVE-2010-2103
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-2103
18
reference_url https://github.com/advisories/GHSA-23x8-j7hm-5xwf
reference_id GHSA-23x8-j7hm-5xwf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-23x8-j7hm-5xwf
19
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/12689.txt
reference_id OSVDB-64844;CVE-2010-2103
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/12689.txt
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
0
date_added 2010-05-20
description Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2010-05-21
exploit_type webapps
platform multiple
source_date_updated 2016-12-19
data_source Exploit-DB
source_url
Severity_range_score4.0 - 6.9
Exploitability2.0
Weighted_severity6.2
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-8uy7-21ts-b3aj