Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-5v9k-wk4u-uuf9
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The course upload preview contained an XSS risk for users uploading unsafe data.
Aliases
0
alias CVE-2023-5547
1
alias GHSA-9gqp-3g28-w9xc
Fixed_packages
0
url pkg:composer/moodle/moodle@3.9.24
purl pkg:composer/moodle/moodle@3.9.24
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24
1
url pkg:composer/moodle/moodle@3.11.17
purl pkg:composer/moodle/moodle@3.11.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17
2
url pkg:composer/moodle/moodle@4.0.11
purl pkg:composer/moodle/moodle@4.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11
3
url pkg:composer/moodle/moodle@4.1.6
purl pkg:composer/moodle/moodle@4.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6
4
url pkg:composer/moodle/moodle@4.2.3
purl pkg:composer/moodle/moodle@4.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3
5
url pkg:composer/moodle/moodle@4.3.0-rc2
purl pkg:composer/moodle/moodle@4.3.0-rc2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2
Affected_packages
0
url pkg:composer/moodle/moodle@3.9.0
purl pkg:composer/moodle/moodle@3.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17vy-726y-u7fz
1
vulnerability VCID-1wmh-jwh7-2fcw
2
vulnerability VCID-2et6-3ejg-27b8
3
vulnerability VCID-2znf-gepe-hbed
4
vulnerability VCID-3898-265t-1yd5
5
vulnerability VCID-4c27-utgj-47e9
6
vulnerability VCID-4s7h-83dq-aua7
7
vulnerability VCID-529p-ynkh-jfeg
8
vulnerability VCID-5hq2-2rn1-73g7
9
vulnerability VCID-5v9k-wk4u-uuf9
10
vulnerability VCID-634y-94qn-huhz
11
vulnerability VCID-6x4n-my8x-sbfg
12
vulnerability VCID-86zg-df5e-33gn
13
vulnerability VCID-8vb6-115w-hyfc
14
vulnerability VCID-8xgp-3nds-d7dm
15
vulnerability VCID-91z3-7wza-c7gs
16
vulnerability VCID-a8ct-r1tq-tfdr
17
vulnerability VCID-a8sa-7ed7-wbby
18
vulnerability VCID-ajnx-w4at-7fgp
19
vulnerability VCID-cf2z-a3h4-jkhf
20
vulnerability VCID-cpxg-pzcj-73gn
21
vulnerability VCID-cr63-89au-4be2
22
vulnerability VCID-dhu5-3tda-2qfx
23
vulnerability VCID-e52k-bb2k-tbgh
24
vulnerability VCID-eq8q-vrca-xbdb
25
vulnerability VCID-eweg-zt1g-uyak
26
vulnerability VCID-ex6v-wa1m-j7f6
27
vulnerability VCID-exk5-1mmz-7kep
28
vulnerability VCID-fj1x-be1c-h3c4
29
vulnerability VCID-fvkk-381y-1kcb
30
vulnerability VCID-gcfy-vcgn-5uc7
31
vulnerability VCID-j8n5-7feg-8bbp
32
vulnerability VCID-m21y-dkas-wyc8
33
vulnerability VCID-mkuq-tdbg-t3ce
34
vulnerability VCID-p8kp-q9s2-w3dq
35
vulnerability VCID-pfk9-w5ge-4uhh
36
vulnerability VCID-pfv8-kvcb-5udc
37
vulnerability VCID-pxvb-vwj1-ukc3
38
vulnerability VCID-rb6y-r3se-jya9
39
vulnerability VCID-s3wm-bype-73bh
40
vulnerability VCID-svds-tck8-rqce
41
vulnerability VCID-sxen-ree9-kbfr
42
vulnerability VCID-t5d1-h6c9-6kex
43
vulnerability VCID-u5tg-a91q-ckf3
44
vulnerability VCID-vgwe-53vc-m7gn
45
vulnerability VCID-wc31-v1d5-jydh
46
vulnerability VCID-wk9h-bhj5-zua8
47
vulnerability VCID-wzxa-tm3r-tkc1
48
vulnerability VCID-yyb2-961k-qyet
49
vulnerability VCID-zhhy-m421-nffk
50
vulnerability VCID-zn3y-sq7h-83h9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.0
1
url pkg:composer/moodle/moodle@3.11.0
purl pkg:composer/moodle/moodle@3.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vxe-caqu-kqab
1
vulnerability VCID-25et-htwq-hkgj
2
vulnerability VCID-2ymd-b1p7-dygz
3
vulnerability VCID-2znf-gepe-hbed
4
vulnerability VCID-3898-265t-1yd5
5
vulnerability VCID-3pgc-yptg-tuaa
6
vulnerability VCID-4bfr-preb-afas
7
vulnerability VCID-4c27-utgj-47e9
8
vulnerability VCID-4k5r-agwn-ruea
9
vulnerability VCID-529p-ynkh-jfeg
10
vulnerability VCID-57pd-ath8-1yf9
11
vulnerability VCID-5gh4-58jt-dfet
12
vulnerability VCID-5hq2-2rn1-73g7
13
vulnerability VCID-5v9k-wk4u-uuf9
14
vulnerability VCID-634y-94qn-huhz
15
vulnerability VCID-86zg-df5e-33gn
16
vulnerability VCID-8vb6-115w-hyfc
17
vulnerability VCID-91z3-7wza-c7gs
18
vulnerability VCID-97gg-fuah-jqcq
19
vulnerability VCID-9rv1-hn65-dbhe
20
vulnerability VCID-a195-b6wc-xkbv
21
vulnerability VCID-a8pk-18gr-mubw
22
vulnerability VCID-affq-4sqk-p7ad
23
vulnerability VCID-cf2z-a3h4-jkhf
24
vulnerability VCID-cpxg-pzcj-73gn
25
vulnerability VCID-cr63-89au-4be2
26
vulnerability VCID-e52k-bb2k-tbgh
27
vulnerability VCID-eq8q-vrca-xbdb
28
vulnerability VCID-eweg-zt1g-uyak
29
vulnerability VCID-ex6v-wa1m-j7f6
30
vulnerability VCID-exk5-1mmz-7kep
31
vulnerability VCID-fb4d-p8pw-yka4
32
vulnerability VCID-fj1x-be1c-h3c4
33
vulnerability VCID-fvkk-381y-1kcb
34
vulnerability VCID-fxx8-f2pp-27du
35
vulnerability VCID-gcfy-vcgn-5uc7
36
vulnerability VCID-gqwn-qskg-qbc7
37
vulnerability VCID-jc4y-cpn8-6kgs
38
vulnerability VCID-k253-m5ud-8bgc
39
vulnerability VCID-m21y-dkas-wyc8
40
vulnerability VCID-mkuq-tdbg-t3ce
41
vulnerability VCID-nh3b-9waz-rfe5
42
vulnerability VCID-nr96-4dtm-kbf9
43
vulnerability VCID-p9vn-r312-1beg
44
vulnerability VCID-pfk9-w5ge-4uhh
45
vulnerability VCID-pxvb-vwj1-ukc3
46
vulnerability VCID-qkfp-k2g6-dba1
47
vulnerability VCID-rb6y-r3se-jya9
48
vulnerability VCID-s3wm-bype-73bh
49
vulnerability VCID-sxen-ree9-kbfr
50
vulnerability VCID-v9pe-asg8-37hv
51
vulnerability VCID-vgwe-53vc-m7gn
52
vulnerability VCID-wc31-v1d5-jydh
53
vulnerability VCID-wmaz-p29k-kuh8
54
vulnerability VCID-wzxa-tm3r-tkc1
55
vulnerability VCID-yyb2-961k-qyet
56
vulnerability VCID-zhhy-m421-nffk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.0
2
url pkg:composer/moodle/moodle@4.0.0
purl pkg:composer/moodle/moodle@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vxe-caqu-kqab
1
vulnerability VCID-2ymd-b1p7-dygz
2
vulnerability VCID-3898-265t-1yd5
3
vulnerability VCID-3pgc-yptg-tuaa
4
vulnerability VCID-4bfr-preb-afas
5
vulnerability VCID-4k5r-agwn-ruea
6
vulnerability VCID-529p-ynkh-jfeg
7
vulnerability VCID-57pd-ath8-1yf9
8
vulnerability VCID-5gh4-58jt-dfet
9
vulnerability VCID-5hq2-2rn1-73g7
10
vulnerability VCID-5v9k-wk4u-uuf9
11
vulnerability VCID-86zg-df5e-33gn
12
vulnerability VCID-8vb6-115w-hyfc
13
vulnerability VCID-91z3-7wza-c7gs
14
vulnerability VCID-97gg-fuah-jqcq
15
vulnerability VCID-9rv1-hn65-dbhe
16
vulnerability VCID-a195-b6wc-xkbv
17
vulnerability VCID-a8pk-18gr-mubw
18
vulnerability VCID-affq-4sqk-p7ad
19
vulnerability VCID-aubk-tpgh-z7e2
20
vulnerability VCID-bvne-5ym9-byaz
21
vulnerability VCID-cpxg-pzcj-73gn
22
vulnerability VCID-cr63-89au-4be2
23
vulnerability VCID-eweg-zt1g-uyak
24
vulnerability VCID-fb4d-p8pw-yka4
25
vulnerability VCID-gqwn-qskg-qbc7
26
vulnerability VCID-jc4y-cpn8-6kgs
27
vulnerability VCID-m21y-dkas-wyc8
28
vulnerability VCID-nh3b-9waz-rfe5
29
vulnerability VCID-nr96-4dtm-kbf9
30
vulnerability VCID-p9vn-r312-1beg
31
vulnerability VCID-pfk9-w5ge-4uhh
32
vulnerability VCID-pxvb-vwj1-ukc3
33
vulnerability VCID-qkfp-k2g6-dba1
34
vulnerability VCID-qmcu-uyur-r7bg
35
vulnerability VCID-rb6y-r3se-jya9
36
vulnerability VCID-s3wm-bype-73bh
37
vulnerability VCID-sxen-ree9-kbfr
38
vulnerability VCID-v9pe-asg8-37hv
39
vulnerability VCID-wmaz-p29k-kuh8
40
vulnerability VCID-wzxa-tm3r-tkc1
41
vulnerability VCID-zhhy-m421-nffk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.0
3
url pkg:composer/moodle/moodle@4.1.0
purl pkg:composer/moodle/moodle@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vxe-caqu-kqab
1
vulnerability VCID-3898-265t-1yd5
2
vulnerability VCID-3pgc-yptg-tuaa
3
vulnerability VCID-4bfr-preb-afas
4
vulnerability VCID-4k5r-agwn-ruea
5
vulnerability VCID-57pd-ath8-1yf9
6
vulnerability VCID-5gh4-58jt-dfet
7
vulnerability VCID-5v9k-wk4u-uuf9
8
vulnerability VCID-91z3-7wza-c7gs
9
vulnerability VCID-97gg-fuah-jqcq
10
vulnerability VCID-9rv1-hn65-dbhe
11
vulnerability VCID-a195-b6wc-xkbv
12
vulnerability VCID-a8pk-18gr-mubw
13
vulnerability VCID-affq-4sqk-p7ad
14
vulnerability VCID-aubk-tpgh-z7e2
15
vulnerability VCID-bvne-5ym9-byaz
16
vulnerability VCID-cmz4-8t2n-27ef
17
vulnerability VCID-cpxg-pzcj-73gn
18
vulnerability VCID-fb4d-p8pw-yka4
19
vulnerability VCID-gqwn-qskg-qbc7
20
vulnerability VCID-jc4y-cpn8-6kgs
21
vulnerability VCID-nr96-4dtm-kbf9
22
vulnerability VCID-p9vn-r312-1beg
23
vulnerability VCID-qmcu-uyur-r7bg
24
vulnerability VCID-rb6y-r3se-jya9
25
vulnerability VCID-s3wm-bype-73bh
26
vulnerability VCID-u1r6-67qc-37cg
27
vulnerability VCID-v9pe-asg8-37hv
28
vulnerability VCID-zhhy-m421-nffk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.0
4
url pkg:composer/moodle/moodle@4.2.0
purl pkg:composer/moodle/moodle@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3898-265t-1yd5
1
vulnerability VCID-39yn-ju6v-c7bd
2
vulnerability VCID-3pgc-yptg-tuaa
3
vulnerability VCID-4bfr-preb-afas
4
vulnerability VCID-4k5r-agwn-ruea
5
vulnerability VCID-57pd-ath8-1yf9
6
vulnerability VCID-5dx5-3bx2-s3fs
7
vulnerability VCID-5v9k-wk4u-uuf9
8
vulnerability VCID-64vn-tcmj-fqac
9
vulnerability VCID-9cbt-2fg9-pyd7
10
vulnerability VCID-9q9d-tprk-a7en
11
vulnerability VCID-9rv1-hn65-dbhe
12
vulnerability VCID-a8pk-18gr-mubw
13
vulnerability VCID-aubk-tpgh-z7e2
14
vulnerability VCID-cpxg-pzcj-73gn
15
vulnerability VCID-dpna-q7gw-b7eb
16
vulnerability VCID-fb4d-p8pw-yka4
17
vulnerability VCID-gqwn-qskg-qbc7
18
vulnerability VCID-jc4y-cpn8-6kgs
19
vulnerability VCID-k51w-zrpe-9kb7
20
vulnerability VCID-mj91-b11k-k3b7
21
vulnerability VCID-p9vn-r312-1beg
22
vulnerability VCID-q3nn-y9nh-u7a3
23
vulnerability VCID-qhed-xzv8-rkhn
24
vulnerability VCID-qmcu-uyur-r7bg
25
vulnerability VCID-qpm9-vvpu-b7dd
26
vulnerability VCID-r1p6-a3wq-ykgp
27
vulnerability VCID-r6s9-x771-yka8
28
vulnerability VCID-svah-tdua-gfe6
29
vulnerability VCID-thj1-tjk1-vffu
30
vulnerability VCID-vvn1-xus3-qbg2
31
vulnerability VCID-wwu5-av43-1bej
32
vulnerability VCID-ybpa-c7eh-syam
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:25:11Z/
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5547
reference_id
reference_type
scores
0
value 0.00139
scoring_system epss
scoring_elements 0.33706
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5547
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243447
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:25:11Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2243447
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/833e818f022cce8373922afaa0cc6c8726b6b079
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/833e818f022cce8373922afaa0cc6c8726b6b079
5
reference_url https://github.com/moodle/moodle/commit/ef67f43c67e00c271658e42fc2e9cbe5fc94a87e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/ef67f43c67e00c271658e42fc2e9cbe5fc94a87e
6
reference_url https://moodle.org/mod/forum/discuss.php?d=451588
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:25:11Z/
url https://moodle.org/mod/forum/discuss.php?d=451588
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5547
reference_id CVE-2023-5547
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5547
8
reference_url https://github.com/advisories/GHSA-9gqp-3g28-w9xc
reference_id GHSA-9gqp-3g28-w9xc
reference_type
scores
url https://github.com/advisories/GHSA-9gqp-3g28-w9xc
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score3.3 - 6.9
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-5v9k-wk4u-uuf9