Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-8ggr-4w7g-skan |
|---|
| Summary | The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.* |
|---|
| Aliases |
|
|---|
| Fixed_packages |
|
|---|
| Affected_packages |
| 0 |
| url |
pkg:alpm/archlinux/firefox@66.0.5-1 |
| purl |
pkg:alpm/archlinux/firefox@66.0.5-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2cgm-9y8c-cufx |
|
| 1 |
| vulnerability |
VCID-2m6k-ur1p-xkdp |
|
| 2 |
| vulnerability |
VCID-2ysc-4sp5-w7bg |
|
| 3 |
| vulnerability |
VCID-3pd2-cent-rug4 |
|
| 4 |
| vulnerability |
VCID-3scc-qaat-6fcu |
|
| 5 |
| vulnerability |
VCID-8ggr-4w7g-skan |
|
| 6 |
| vulnerability |
VCID-dace-wnut-j7g5 |
|
| 7 |
| vulnerability |
VCID-kvzw-8f7a-t3b6 |
|
| 8 |
| vulnerability |
VCID-mamz-qn64-67dy |
|
| 9 |
| vulnerability |
VCID-msbq-11je-jqg5 |
|
| 10 |
| vulnerability |
VCID-q7gq-5cb3-9khq |
|
| 11 |
| vulnerability |
VCID-qv17-4yg6-yqhf |
|
| 12 |
| vulnerability |
VCID-rumu-a3np-f3fc |
|
| 13 |
| vulnerability |
VCID-x9zb-76d2-b3au |
|
| 14 |
| vulnerability |
VCID-yhen-6hyd-3ug8 |
|
| 15 |
| vulnerability |
VCID-z1qg-tbqw-pbd4 |
|
| 16 |
| vulnerability |
VCID-znh5-2s68-skb7 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0.5-1 |
|
|
|---|
| References |
|
|---|
| Weaknesses |
|
|---|
| Exploits |
|
|---|
| Severity_range_score | 9.0 - 10.0 |
|---|
| Exploitability | 0.5 |
|---|
| Weighted_severity | 9.0 |
|---|
| Risk_score | 4.5 |
|---|
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-8ggr-4w7g-skan |
|---|