Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-j8ge-mhfk-ebd9
Summary
Subrion CMS vulnerable to cross-site scripting
Multiple reflected Cross-site Scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.
Aliases
0
alias CVE-2025-70958
1
alias GHSA-9jjm-mc56-3qxv
Fixed_packages
Affected_packages
0
url pkg:composer/intelliants/subrion@4.2.1
purl pkg:composer/intelliants/subrion@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3bwe-5b6b-a7e2
1
vulnerability VCID-3h1n-dvmt-5qhz
2
vulnerability VCID-3hbd-spm4-2kaz
3
vulnerability VCID-44kx-4nnh-4bdf
4
vulnerability VCID-51fa-htgd-pkd7
5
vulnerability VCID-7yej-24pb-d3dm
6
vulnerability VCID-8g7b-wfgz-77f1
7
vulnerability VCID-8gvw-wym4-qufa
8
vulnerability VCID-8n55-g9s6-5qbz
9
vulnerability VCID-94z6-as1s-pkem
10
vulnerability VCID-9fac-c1gc-jbft
11
vulnerability VCID-9hkc-qw4n-t7at
12
vulnerability VCID-abws-hvpw-myfy
13
vulnerability VCID-by36-7n26-g7cc
14
vulnerability VCID-cjhs-mtaa-7kdb
15
vulnerability VCID-ekj6-hqpd-5ybq
16
vulnerability VCID-f7sw-fp56-hudc
17
vulnerability VCID-fc5n-dcez-93fn
18
vulnerability VCID-gmvv-sz8z-ebgp
19
vulnerability VCID-hay9-1wuc-s3b1
20
vulnerability VCID-j2eh-myxv-abbm
21
vulnerability VCID-j8ge-mhfk-ebd9
22
vulnerability VCID-jqzh-mw8h-23bv
23
vulnerability VCID-ng2d-pg2s-2fac
24
vulnerability VCID-ngpm-xvdu-sybs
25
vulnerability VCID-q9uf-qqfn-n7gr
26
vulnerability VCID-qwxk-wzqe-7kdp
27
vulnerability VCID-r136-w6fm-t7fc
28
vulnerability VCID-s1ez-jft2-tydn
29
vulnerability VCID-sc65-ev58-2bbk
30
vulnerability VCID-sqbf-5a82-yucu
31
vulnerability VCID-vzeg-42da-euej
32
vulnerability VCID-ydhn-xpam-jqgm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-70958
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.04203
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-70958
1
reference_url https://github.com/emirhanyucell/Subrion-CMS-4.2.1/blob/main/subrion-cms-exploit.txt
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T14:39:36Z/
url https://github.com/emirhanyucell/Subrion-CMS-4.2.1/blob/main/subrion-cms-exploit.txt
2
reference_url https://github.com/intelliants/subrion
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/intelliants/subrion
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-70958
reference_id CVE-2025-70958
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-70958
4
reference_url https://github.com/advisories/GHSA-9jjm-mc56-3qxv
reference_id GHSA-9jjm-mc56-3qxv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jjm-mc56-3qxv
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-j8ge-mhfk-ebd9