Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-by36-7n26-g7cc
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
Aliases
0
alias CVE-2018-16629
1
alias GHSA-mxv3-qcmf-r6wj
Fixed_packages
Affected_packages
0
url pkg:composer/intelliants/subrion@4.0.0
purl pkg:composer/intelliants/subrion@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ttd-m7ht-h3g5
1
vulnerability VCID-3bwe-5b6b-a7e2
2
vulnerability VCID-44kx-4nnh-4bdf
3
vulnerability VCID-4sh1-uvb4-4khk
4
vulnerability VCID-94z6-as1s-pkem
5
vulnerability VCID-bqcn-jmjn-g3c5
6
vulnerability VCID-by36-7n26-g7cc
7
vulnerability VCID-ekj6-hqpd-5ybq
8
vulnerability VCID-fc5n-dcez-93fn
9
vulnerability VCID-hay9-1wuc-s3b1
10
vulnerability VCID-kaqs-mmay-47g2
11
vulnerability VCID-ng2d-pg2s-2fac
12
vulnerability VCID-ngpm-xvdu-sybs
13
vulnerability VCID-r136-w6fm-t7fc
14
vulnerability VCID-sc65-ev58-2bbk
15
vulnerability VCID-sqbf-5a82-yucu
16
vulnerability VCID-ue8a-wx3x-fuat
17
vulnerability VCID-vzeg-42da-euej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.0.0
1
url pkg:composer/intelliants/subrion@4.0.1
purl pkg:composer/intelliants/subrion@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ttd-m7ht-h3g5
1
vulnerability VCID-3bwe-5b6b-a7e2
2
vulnerability VCID-44kx-4nnh-4bdf
3
vulnerability VCID-4sh1-uvb4-4khk
4
vulnerability VCID-94z6-as1s-pkem
5
vulnerability VCID-bqcn-jmjn-g3c5
6
vulnerability VCID-by36-7n26-g7cc
7
vulnerability VCID-ekj6-hqpd-5ybq
8
vulnerability VCID-fc5n-dcez-93fn
9
vulnerability VCID-hay9-1wuc-s3b1
10
vulnerability VCID-kaqs-mmay-47g2
11
vulnerability VCID-ng2d-pg2s-2fac
12
vulnerability VCID-ngpm-xvdu-sybs
13
vulnerability VCID-r136-w6fm-t7fc
14
vulnerability VCID-sc65-ev58-2bbk
15
vulnerability VCID-sqbf-5a82-yucu
16
vulnerability VCID-ue8a-wx3x-fuat
17
vulnerability VCID-vzeg-42da-euej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.0.1
2
url pkg:composer/intelliants/subrion@4.0.2
purl pkg:composer/intelliants/subrion@4.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ttd-m7ht-h3g5
1
vulnerability VCID-3bwe-5b6b-a7e2
2
vulnerability VCID-44kx-4nnh-4bdf
3
vulnerability VCID-4sh1-uvb4-4khk
4
vulnerability VCID-94z6-as1s-pkem
5
vulnerability VCID-bqcn-jmjn-g3c5
6
vulnerability VCID-by36-7n26-g7cc
7
vulnerability VCID-ekj6-hqpd-5ybq
8
vulnerability VCID-fc5n-dcez-93fn
9
vulnerability VCID-hay9-1wuc-s3b1
10
vulnerability VCID-kaqs-mmay-47g2
11
vulnerability VCID-ng2d-pg2s-2fac
12
vulnerability VCID-ngpm-xvdu-sybs
13
vulnerability VCID-r136-w6fm-t7fc
14
vulnerability VCID-sc65-ev58-2bbk
15
vulnerability VCID-sqbf-5a82-yucu
16
vulnerability VCID-ue8a-wx3x-fuat
17
vulnerability VCID-vzeg-42da-euej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.0.2
3
url pkg:composer/intelliants/subrion@4.0.3
purl pkg:composer/intelliants/subrion@4.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ttd-m7ht-h3g5
1
vulnerability VCID-3bwe-5b6b-a7e2
2
vulnerability VCID-44kx-4nnh-4bdf
3
vulnerability VCID-4sh1-uvb4-4khk
4
vulnerability VCID-94z6-as1s-pkem
5
vulnerability VCID-bqcn-jmjn-g3c5
6
vulnerability VCID-by36-7n26-g7cc
7
vulnerability VCID-ekj6-hqpd-5ybq
8
vulnerability VCID-fc5n-dcez-93fn
9
vulnerability VCID-hay9-1wuc-s3b1
10
vulnerability VCID-kaqs-mmay-47g2
11
vulnerability VCID-ng2d-pg2s-2fac
12
vulnerability VCID-ngpm-xvdu-sybs
13
vulnerability VCID-r136-w6fm-t7fc
14
vulnerability VCID-sc65-ev58-2bbk
15
vulnerability VCID-sqbf-5a82-yucu
16
vulnerability VCID-ue8a-wx3x-fuat
17
vulnerability VCID-vzeg-42da-euej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.0.3
4
url pkg:composer/intelliants/subrion@4.0.4
purl pkg:composer/intelliants/subrion@4.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ttd-m7ht-h3g5
1
vulnerability VCID-3bwe-5b6b-a7e2
2
vulnerability VCID-44kx-4nnh-4bdf
3
vulnerability VCID-4sh1-uvb4-4khk
4
vulnerability VCID-94z6-as1s-pkem
5
vulnerability VCID-bqcn-jmjn-g3c5
6
vulnerability VCID-by36-7n26-g7cc
7
vulnerability VCID-ekj6-hqpd-5ybq
8
vulnerability VCID-fc5n-dcez-93fn
9
vulnerability VCID-hay9-1wuc-s3b1
10
vulnerability VCID-kaqs-mmay-47g2
11
vulnerability VCID-ng2d-pg2s-2fac
12
vulnerability VCID-ngpm-xvdu-sybs
13
vulnerability VCID-r136-w6fm-t7fc
14
vulnerability VCID-sc65-ev58-2bbk
15
vulnerability VCID-sqbf-5a82-yucu
16
vulnerability VCID-ue8a-wx3x-fuat
17
vulnerability VCID-vzeg-42da-euej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.0.4
5
url pkg:composer/intelliants/subrion@4.1.1
purl pkg:composer/intelliants/subrion@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ttd-m7ht-h3g5
1
vulnerability VCID-3bwe-5b6b-a7e2
2
vulnerability VCID-44kx-4nnh-4bdf
3
vulnerability VCID-4sh1-uvb4-4khk
4
vulnerability VCID-94z6-as1s-pkem
5
vulnerability VCID-bqcn-jmjn-g3c5
6
vulnerability VCID-by36-7n26-g7cc
7
vulnerability VCID-ekj6-hqpd-5ybq
8
vulnerability VCID-fc5n-dcez-93fn
9
vulnerability VCID-hay9-1wuc-s3b1
10
vulnerability VCID-ng2d-pg2s-2fac
11
vulnerability VCID-ngpm-xvdu-sybs
12
vulnerability VCID-r136-w6fm-t7fc
13
vulnerability VCID-sc65-ev58-2bbk
14
vulnerability VCID-sqbf-5a82-yucu
15
vulnerability VCID-ue8a-wx3x-fuat
16
vulnerability VCID-vzeg-42da-euej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.1
6
url pkg:composer/intelliants/subrion@4.1.2
purl pkg:composer/intelliants/subrion@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ttd-m7ht-h3g5
1
vulnerability VCID-3bwe-5b6b-a7e2
2
vulnerability VCID-44kx-4nnh-4bdf
3
vulnerability VCID-4sh1-uvb4-4khk
4
vulnerability VCID-94z6-as1s-pkem
5
vulnerability VCID-bqcn-jmjn-g3c5
6
vulnerability VCID-by36-7n26-g7cc
7
vulnerability VCID-ekj6-hqpd-5ybq
8
vulnerability VCID-fc5n-dcez-93fn
9
vulnerability VCID-hay9-1wuc-s3b1
10
vulnerability VCID-ng2d-pg2s-2fac
11
vulnerability VCID-ngpm-xvdu-sybs
12
vulnerability VCID-r136-w6fm-t7fc
13
vulnerability VCID-sc65-ev58-2bbk
14
vulnerability VCID-sqbf-5a82-yucu
15
vulnerability VCID-ue8a-wx3x-fuat
16
vulnerability VCID-vzeg-42da-euej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.2
7
url pkg:composer/intelliants/subrion@4.1.3
purl pkg:composer/intelliants/subrion@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ttd-m7ht-h3g5
1
vulnerability VCID-3bwe-5b6b-a7e2
2
vulnerability VCID-44kx-4nnh-4bdf
3
vulnerability VCID-4sh1-uvb4-4khk
4
vulnerability VCID-94z6-as1s-pkem
5
vulnerability VCID-bqcn-jmjn-g3c5
6
vulnerability VCID-by36-7n26-g7cc
7
vulnerability VCID-ekj6-hqpd-5ybq
8
vulnerability VCID-fc5n-dcez-93fn
9
vulnerability VCID-hay9-1wuc-s3b1
10
vulnerability VCID-ng2d-pg2s-2fac
11
vulnerability VCID-ngpm-xvdu-sybs
12
vulnerability VCID-r136-w6fm-t7fc
13
vulnerability VCID-sc65-ev58-2bbk
14
vulnerability VCID-sqbf-5a82-yucu
15
vulnerability VCID-ue8a-wx3x-fuat
16
vulnerability VCID-vzeg-42da-euej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.3
8
url pkg:composer/intelliants/subrion@4.0.5
purl pkg:composer/intelliants/subrion@4.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ttd-m7ht-h3g5
1
vulnerability VCID-3bwe-5b6b-a7e2
2
vulnerability VCID-44kx-4nnh-4bdf
3
vulnerability VCID-4sh1-uvb4-4khk
4
vulnerability VCID-94z6-as1s-pkem
5
vulnerability VCID-bqcn-jmjn-g3c5
6
vulnerability VCID-by36-7n26-g7cc
7
vulnerability VCID-ekj6-hqpd-5ybq
8
vulnerability VCID-fc5n-dcez-93fn
9
vulnerability VCID-hay9-1wuc-s3b1
10
vulnerability VCID-kaqs-mmay-47g2
11
vulnerability VCID-ng2d-pg2s-2fac
12
vulnerability VCID-ngpm-xvdu-sybs
13
vulnerability VCID-r136-w6fm-t7fc
14
vulnerability VCID-sc65-ev58-2bbk
15
vulnerability VCID-sqbf-5a82-yucu
16
vulnerability VCID-tj55-hd23-x3cn
17
vulnerability VCID-ue8a-wx3x-fuat
18
vulnerability VCID-vzeg-42da-euej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.0.5
9
url pkg:composer/intelliants/subrion@4.1.0
purl pkg:composer/intelliants/subrion@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ttd-m7ht-h3g5
1
vulnerability VCID-3bwe-5b6b-a7e2
2
vulnerability VCID-44kx-4nnh-4bdf
3
vulnerability VCID-4sh1-uvb4-4khk
4
vulnerability VCID-94z6-as1s-pkem
5
vulnerability VCID-bqcn-jmjn-g3c5
6
vulnerability VCID-by36-7n26-g7cc
7
vulnerability VCID-ekj6-hqpd-5ybq
8
vulnerability VCID-fc5n-dcez-93fn
9
vulnerability VCID-hay9-1wuc-s3b1
10
vulnerability VCID-ng2d-pg2s-2fac
11
vulnerability VCID-ngpm-xvdu-sybs
12
vulnerability VCID-r136-w6fm-t7fc
13
vulnerability VCID-sc65-ev58-2bbk
14
vulnerability VCID-sqbf-5a82-yucu
15
vulnerability VCID-ue8a-wx3x-fuat
16
vulnerability VCID-vzeg-42da-euej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.0
10
url pkg:composer/intelliants/subrion@4.1.4
purl pkg:composer/intelliants/subrion@4.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ttd-m7ht-h3g5
1
vulnerability VCID-3bwe-5b6b-a7e2
2
vulnerability VCID-44kx-4nnh-4bdf
3
vulnerability VCID-94z6-as1s-pkem
4
vulnerability VCID-bqcn-jmjn-g3c5
5
vulnerability VCID-by36-7n26-g7cc
6
vulnerability VCID-ekj6-hqpd-5ybq
7
vulnerability VCID-fc5n-dcez-93fn
8
vulnerability VCID-hay9-1wuc-s3b1
9
vulnerability VCID-ng2d-pg2s-2fac
10
vulnerability VCID-ngpm-xvdu-sybs
11
vulnerability VCID-r136-w6fm-t7fc
12
vulnerability VCID-sc65-ev58-2bbk
13
vulnerability VCID-sqbf-5a82-yucu
14
vulnerability VCID-ue8a-wx3x-fuat
15
vulnerability VCID-vf9g-nd9b-v3h9
16
vulnerability VCID-vzeg-42da-euej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.4
11
url pkg:composer/intelliants/subrion@4.1.5
purl pkg:composer/intelliants/subrion@4.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ttd-m7ht-h3g5
1
vulnerability VCID-3bwe-5b6b-a7e2
2
vulnerability VCID-44kx-4nnh-4bdf
3
vulnerability VCID-94z6-as1s-pkem
4
vulnerability VCID-bqcn-jmjn-g3c5
5
vulnerability VCID-by36-7n26-g7cc
6
vulnerability VCID-ekj6-hqpd-5ybq
7
vulnerability VCID-fc5n-dcez-93fn
8
vulnerability VCID-hay9-1wuc-s3b1
9
vulnerability VCID-ng2d-pg2s-2fac
10
vulnerability VCID-ngpm-xvdu-sybs
11
vulnerability VCID-r136-w6fm-t7fc
12
vulnerability VCID-sc65-ev58-2bbk
13
vulnerability VCID-sqbf-5a82-yucu
14
vulnerability VCID-ue8a-wx3x-fuat
15
vulnerability VCID-vzeg-42da-euej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.1.5
12
url pkg:composer/intelliants/subrion@4.2.0
purl pkg:composer/intelliants/subrion@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3bwe-5b6b-a7e2
1
vulnerability VCID-44kx-4nnh-4bdf
2
vulnerability VCID-94z6-as1s-pkem
3
vulnerability VCID-by36-7n26-g7cc
4
vulnerability VCID-ekj6-hqpd-5ybq
5
vulnerability VCID-fc5n-dcez-93fn
6
vulnerability VCID-hay9-1wuc-s3b1
7
vulnerability VCID-ng2d-pg2s-2fac
8
vulnerability VCID-ngpm-xvdu-sybs
9
vulnerability VCID-r136-w6fm-t7fc
10
vulnerability VCID-sc65-ev58-2bbk
11
vulnerability VCID-sqbf-5a82-yucu
12
vulnerability VCID-vzeg-42da-euej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.0
13
url pkg:composer/intelliants/subrion@4.2.1
purl pkg:composer/intelliants/subrion@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3bwe-5b6b-a7e2
1
vulnerability VCID-3h1n-dvmt-5qhz
2
vulnerability VCID-3hbd-spm4-2kaz
3
vulnerability VCID-44kx-4nnh-4bdf
4
vulnerability VCID-51fa-htgd-pkd7
5
vulnerability VCID-7yej-24pb-d3dm
6
vulnerability VCID-8g7b-wfgz-77f1
7
vulnerability VCID-8gvw-wym4-qufa
8
vulnerability VCID-8n55-g9s6-5qbz
9
vulnerability VCID-94z6-as1s-pkem
10
vulnerability VCID-9fac-c1gc-jbft
11
vulnerability VCID-9hkc-qw4n-t7at
12
vulnerability VCID-abws-hvpw-myfy
13
vulnerability VCID-by36-7n26-g7cc
14
vulnerability VCID-cjhs-mtaa-7kdb
15
vulnerability VCID-ekj6-hqpd-5ybq
16
vulnerability VCID-f7sw-fp56-hudc
17
vulnerability VCID-fc5n-dcez-93fn
18
vulnerability VCID-gmvv-sz8z-ebgp
19
vulnerability VCID-hay9-1wuc-s3b1
20
vulnerability VCID-j2eh-myxv-abbm
21
vulnerability VCID-j8ge-mhfk-ebd9
22
vulnerability VCID-jqzh-mw8h-23bv
23
vulnerability VCID-ng2d-pg2s-2fac
24
vulnerability VCID-ngpm-xvdu-sybs
25
vulnerability VCID-q9uf-qqfn-n7gr
26
vulnerability VCID-qwxk-wzqe-7kdp
27
vulnerability VCID-r136-w6fm-t7fc
28
vulnerability VCID-s1ez-jft2-tydn
29
vulnerability VCID-sc65-ev58-2bbk
30
vulnerability VCID-sqbf-5a82-yucu
31
vulnerability VCID-vzeg-42da-euej
32
vulnerability VCID-ydhn-xpam-jqgm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16629
reference_id
reference_type
scores
0
value 0.00321
scoring_system epss
scoring_elements 0.55426
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16629
1
reference_url https://github.com/intelliants/subrion
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/intelliants/subrion
2
reference_url https://github.com/intelliants/subrion/commit/fbc29ddb29e9c9732695e25ad2c22e038eed6385
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/intelliants/subrion/commit/fbc29ddb29e9c9732695e25ad2c22e038eed6385
3
reference_url https://github.com/intelliants/subrion/issues/777
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/intelliants/subrion/issues/777
4
reference_url https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16629
reference_id CVE-2018-16629
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16629
6
reference_url https://github.com/advisories/GHSA-mxv3-qcmf-r6wj
reference_id GHSA-mxv3-qcmf-r6wj
reference_type
scores
url https://github.com/advisories/GHSA-mxv3-qcmf-r6wj
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-by36-7n26-g7cc