Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-qmcu-uyur-r7bg
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
Aliases
0
alias CVE-2023-5546
1
alias GHSA-9724-h8p7-r3jv
Fixed_packages
0
url pkg:composer/moodle/moodle@4.0.11
purl pkg:composer/moodle/moodle@4.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11
1
url pkg:composer/moodle/moodle@4.1.6
purl pkg:composer/moodle/moodle@4.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6
2
url pkg:composer/moodle/moodle@4.2.3
purl pkg:composer/moodle/moodle@4.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3
3
url pkg:composer/moodle/moodle@4.3.0-rc2
purl pkg:composer/moodle/moodle@4.3.0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2
Affected_packages
0
url pkg:composer/moodle/moodle@4.0.0
purl pkg:composer/moodle/moodle@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vxe-caqu-kqab
1
vulnerability VCID-2ymd-b1p7-dygz
2
vulnerability VCID-3898-265t-1yd5
3
vulnerability VCID-3pgc-yptg-tuaa
4
vulnerability VCID-4bfr-preb-afas
5
vulnerability VCID-4k5r-agwn-ruea
6
vulnerability VCID-529p-ynkh-jfeg
7
vulnerability VCID-57pd-ath8-1yf9
8
vulnerability VCID-5gh4-58jt-dfet
9
vulnerability VCID-5hq2-2rn1-73g7
10
vulnerability VCID-5v9k-wk4u-uuf9
11
vulnerability VCID-86zg-df5e-33gn
12
vulnerability VCID-8vb6-115w-hyfc
13
vulnerability VCID-91z3-7wza-c7gs
14
vulnerability VCID-97gg-fuah-jqcq
15
vulnerability VCID-9rv1-hn65-dbhe
16
vulnerability VCID-a195-b6wc-xkbv
17
vulnerability VCID-a8pk-18gr-mubw
18
vulnerability VCID-affq-4sqk-p7ad
19
vulnerability VCID-aubk-tpgh-z7e2
20
vulnerability VCID-bvne-5ym9-byaz
21
vulnerability VCID-cpxg-pzcj-73gn
22
vulnerability VCID-cr63-89au-4be2
23
vulnerability VCID-eweg-zt1g-uyak
24
vulnerability VCID-fb4d-p8pw-yka4
25
vulnerability VCID-gqwn-qskg-qbc7
26
vulnerability VCID-jc4y-cpn8-6kgs
27
vulnerability VCID-m21y-dkas-wyc8
28
vulnerability VCID-nh3b-9waz-rfe5
29
vulnerability VCID-nr96-4dtm-kbf9
30
vulnerability VCID-p9vn-r312-1beg
31
vulnerability VCID-pfk9-w5ge-4uhh
32
vulnerability VCID-pxvb-vwj1-ukc3
33
vulnerability VCID-qkfp-k2g6-dba1
34
vulnerability VCID-qmcu-uyur-r7bg
35
vulnerability VCID-rb6y-r3se-jya9
36
vulnerability VCID-s3wm-bype-73bh
37
vulnerability VCID-sxen-ree9-kbfr
38
vulnerability VCID-v9pe-asg8-37hv
39
vulnerability VCID-wmaz-p29k-kuh8
40
vulnerability VCID-wzxa-tm3r-tkc1
41
vulnerability VCID-zhhy-m421-nffk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.0
1
url pkg:composer/moodle/moodle@4.1.0
purl pkg:composer/moodle/moodle@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vxe-caqu-kqab
1
vulnerability VCID-3898-265t-1yd5
2
vulnerability VCID-3pgc-yptg-tuaa
3
vulnerability VCID-4bfr-preb-afas
4
vulnerability VCID-4k5r-agwn-ruea
5
vulnerability VCID-57pd-ath8-1yf9
6
vulnerability VCID-5gh4-58jt-dfet
7
vulnerability VCID-5v9k-wk4u-uuf9
8
vulnerability VCID-91z3-7wza-c7gs
9
vulnerability VCID-97gg-fuah-jqcq
10
vulnerability VCID-9rv1-hn65-dbhe
11
vulnerability VCID-a195-b6wc-xkbv
12
vulnerability VCID-a8pk-18gr-mubw
13
vulnerability VCID-affq-4sqk-p7ad
14
vulnerability VCID-aubk-tpgh-z7e2
15
vulnerability VCID-bvne-5ym9-byaz
16
vulnerability VCID-cmz4-8t2n-27ef
17
vulnerability VCID-cpxg-pzcj-73gn
18
vulnerability VCID-fb4d-p8pw-yka4
19
vulnerability VCID-gqwn-qskg-qbc7
20
vulnerability VCID-jc4y-cpn8-6kgs
21
vulnerability VCID-nr96-4dtm-kbf9
22
vulnerability VCID-p9vn-r312-1beg
23
vulnerability VCID-qmcu-uyur-r7bg
24
vulnerability VCID-rb6y-r3se-jya9
25
vulnerability VCID-s3wm-bype-73bh
26
vulnerability VCID-u1r6-67qc-37cg
27
vulnerability VCID-v9pe-asg8-37hv
28
vulnerability VCID-zhhy-m421-nffk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.0
2
url pkg:composer/moodle/moodle@4.2.0
purl pkg:composer/moodle/moodle@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2exa-nxym-tkbh
1
vulnerability VCID-3898-265t-1yd5
2
vulnerability VCID-39yn-ju6v-c7bd
3
vulnerability VCID-3pgc-yptg-tuaa
4
vulnerability VCID-4bfr-preb-afas
5
vulnerability VCID-4k5r-agwn-ruea
6
vulnerability VCID-57pd-ath8-1yf9
7
vulnerability VCID-5dx5-3bx2-s3fs
8
vulnerability VCID-5v9k-wk4u-uuf9
9
vulnerability VCID-64vn-tcmj-fqac
10
vulnerability VCID-7spz-muj8-bbd3
11
vulnerability VCID-9cbt-2fg9-pyd7
12
vulnerability VCID-9q9d-tprk-a7en
13
vulnerability VCID-9rv1-hn65-dbhe
14
vulnerability VCID-a8pk-18gr-mubw
15
vulnerability VCID-aubk-tpgh-z7e2
16
vulnerability VCID-cpxg-pzcj-73gn
17
vulnerability VCID-dpna-q7gw-b7eb
18
vulnerability VCID-e39g-pwrd-vufr
19
vulnerability VCID-ewvq-xtfp-kbed
20
vulnerability VCID-fb4d-p8pw-yka4
21
vulnerability VCID-gqwn-qskg-qbc7
22
vulnerability VCID-hjzy-jk88-9ycw
23
vulnerability VCID-jc4y-cpn8-6kgs
24
vulnerability VCID-k51w-zrpe-9kb7
25
vulnerability VCID-kbg8-7sgp-pqdt
26
vulnerability VCID-mj91-b11k-k3b7
27
vulnerability VCID-mjpw-fdtz-hqd5
28
vulnerability VCID-p9vn-r312-1beg
29
vulnerability VCID-q3nn-y9nh-u7a3
30
vulnerability VCID-qhed-xzv8-rkhn
31
vulnerability VCID-qmcu-uyur-r7bg
32
vulnerability VCID-qpm9-vvpu-b7dd
33
vulnerability VCID-r1p6-a3wq-ykgp
34
vulnerability VCID-r6s9-x771-yka8
35
vulnerability VCID-svah-tdua-gfe6
36
vulnerability VCID-thj1-tjk1-vffu
37
vulnerability VCID-vvn1-xus3-qbg2
38
vulnerability VCID-wv4g-k5kj-zybd
39
vulnerability VCID-wwu5-av43-1bej
40
vulnerability VCID-ybpa-c7eh-syam
41
vulnerability VCID-ywxq-jkr8-3fat
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:14:29Z/
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5546
reference_id
reference_type
scores
0
value 0.02379
scoring_system epss
scoring_elements 0.8525
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5546
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243445
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:14:29Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2243445
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/aa8ab48521fe4a57c3ec923e6e82a5ac1202e9de
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/aa8ab48521fe4a57c3ec923e6e82a5ac1202e9de
5
reference_url https://moodle.org/mod/forum/discuss.php?d=451587
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:14:29Z/
url https://moodle.org/mod/forum/discuss.php?d=451587
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5546
reference_id CVE-2023-5546
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5546
7
reference_url https://github.com/advisories/GHSA-9724-h8p7-r3jv
reference_id GHSA-9724-h8p7-r3jv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9724-h8p7-r3jv
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-qmcu-uyur-r7bg