Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/34822?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34822?format=api", "vulnerability_id": "VCID-wfas-jszp-k7dz", "summary": "Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField.", "aliases": [ { "alias": "CVE-2013-4249" }, { "alias": "PYSEC-2013-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7644?format=api", "purl": "pkg:pypi/django@1.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kza-a88p-kfg7" }, { "vulnerability": "VCID-3sg7-t77d-rkc6" }, { "vulnerability": "VCID-5vmb-d4xp-zfgy" }, { "vulnerability": "VCID-6wah-r8vr-5qc4" }, { "vulnerability": "VCID-71t1-69yq-c7h6" }, { "vulnerability": "VCID-7rz2-nqdn-hycc" }, { "vulnerability": "VCID-8gus-er59-1qak" }, { "vulnerability": "VCID-8v2c-7739-2ugp" }, { "vulnerability": "VCID-912q-3eks-4yfm" }, { "vulnerability": "VCID-9bqp-b6rw-mye7" }, { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-bahz-gfxv-e3b2" }, { "vulnerability": "VCID-dh12-js4b-h7fw" }, { "vulnerability": "VCID-ffsr-th58-p3ct" }, { "vulnerability": "VCID-g2z3-2h8p-c7ge" }, { "vulnerability": "VCID-jfya-694v-myar" }, { "vulnerability": "VCID-ksh8-pazn-dbca" }, { "vulnerability": "VCID-mccp-khb9-qkb7" }, { "vulnerability": "VCID-ps24-pjj4-uqd1" }, { "vulnerability": "VCID-r7tk-79xy-jkhj" }, { "vulnerability": "VCID-rq19-9v21-47dy" }, { "vulnerability": "VCID-rxxr-sseq-k7a9" }, { "vulnerability": "VCID-ta66-7qrm-sbhu" }, { "vulnerability": "VCID-u4a7-uvcb-9kf8" }, { "vulnerability": "VCID-u6sd-648r-qbdb" }, { "vulnerability": "VCID-vdpf-jddk-syda" }, { "vulnerability": "VCID-weqb-fxu4-17e7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7642?format=api", "purl": "pkg:pypi/django@1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kza-a88p-kfg7" }, { "vulnerability": "VCID-3sg7-t77d-rkc6" }, { "vulnerability": "VCID-5vmb-d4xp-zfgy" }, { "vulnerability": "VCID-6wah-r8vr-5qc4" }, { "vulnerability": "VCID-71t1-69yq-c7h6" }, { "vulnerability": "VCID-7rz2-nqdn-hycc" }, { "vulnerability": "VCID-8gus-er59-1qak" }, { "vulnerability": "VCID-8v2c-7739-2ugp" }, { "vulnerability": "VCID-912q-3eks-4yfm" }, { "vulnerability": "VCID-9bqp-b6rw-mye7" }, { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-bahz-gfxv-e3b2" }, { "vulnerability": "VCID-dh12-js4b-h7fw" }, { "vulnerability": "VCID-ffsr-th58-p3ct" }, { "vulnerability": "VCID-g2z3-2h8p-c7ge" }, { "vulnerability": "VCID-jfya-694v-myar" }, { "vulnerability": "VCID-ksh8-pazn-dbca" }, { "vulnerability": "VCID-mccp-khb9-qkb7" }, { "vulnerability": "VCID-ps24-pjj4-uqd1" }, { "vulnerability": "VCID-r78b-88d6-m3f2" }, { "vulnerability": "VCID-r7tk-79xy-jkhj" }, { "vulnerability": "VCID-rq19-9v21-47dy" }, { "vulnerability": "VCID-rtjn-qccc-8kc7" }, { "vulnerability": "VCID-rxxr-sseq-k7a9" }, { "vulnerability": "VCID-ta66-7qrm-sbhu" }, { "vulnerability": "VCID-u4a7-uvcb-9kf8" }, { "vulnerability": "VCID-u6sd-648r-qbdb" }, { "vulnerability": "VCID-vdpf-jddk-syda" }, { "vulnerability": "VCID-weqb-fxu4-17e7" }, { "vulnerability": "VCID-wfas-jszp-k7dz" }, { "vulnerability": "VCID-x212-mskt-9bbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/7643?format=api", "purl": "pkg:pypi/django@1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kza-a88p-kfg7" }, { "vulnerability": "VCID-3sg7-t77d-rkc6" }, { "vulnerability": "VCID-5vmb-d4xp-zfgy" }, { "vulnerability": "VCID-6wah-r8vr-5qc4" }, { "vulnerability": "VCID-71t1-69yq-c7h6" }, { "vulnerability": "VCID-7rz2-nqdn-hycc" }, { "vulnerability": "VCID-8gus-er59-1qak" }, { "vulnerability": "VCID-8v2c-7739-2ugp" }, { "vulnerability": "VCID-912q-3eks-4yfm" }, { "vulnerability": "VCID-9bqp-b6rw-mye7" }, { "vulnerability": "VCID-9mpt-zxaw-kkeg" }, { "vulnerability": "VCID-bahz-gfxv-e3b2" }, { "vulnerability": "VCID-dh12-js4b-h7fw" }, { "vulnerability": "VCID-ffsr-th58-p3ct" }, { "vulnerability": "VCID-g2z3-2h8p-c7ge" }, { "vulnerability": "VCID-jfya-694v-myar" }, { "vulnerability": "VCID-ksh8-pazn-dbca" }, { "vulnerability": "VCID-mccp-khb9-qkb7" }, { "vulnerability": "VCID-ps24-pjj4-uqd1" }, { "vulnerability": "VCID-r7tk-79xy-jkhj" }, { "vulnerability": "VCID-rq19-9v21-47dy" }, { "vulnerability": "VCID-rxxr-sseq-k7a9" }, { "vulnerability": "VCID-ta66-7qrm-sbhu" }, { "vulnerability": "VCID-u4a7-uvcb-9kf8" }, { "vulnerability": "VCID-u6sd-648r-qbdb" }, { "vulnerability": "VCID-vdpf-jddk-syda" }, { "vulnerability": "VCID-weqb-fxu4-17e7" }, { "vulnerability": "VCID-wfas-jszp-k7dz" }, { "vulnerability": "VCID-x212-mskt-9bbw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.1" } ], "references": [ { "reference_url": "http://seclists.org/oss-sec/2013/q3/369", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q3/369" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/411", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q3/411" }, { "reference_url": "http://secunia.com/advisories/54476", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/54476" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86438" }, { "reference_url": "https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78" }, { "reference_url": "https://github.com/django/django/commit/cbe6d5568f4f5053ed7228ca3c3d0cce77cf9560", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/django/django/commit/cbe6d5568f4f5053ed7228ca3c3d0cce77cf9560" }, { "reference_url": "https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued" }, { "reference_url": "http://www.securitytracker.com/id/1028915", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1028915" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfas-jszp-k7dz" }