{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37935?format=json","vulnerability_id":"VCID-gubk-qp7e-h7f4","summary":"XSS vulnerability\nThere's an XSS attack vector in Security Library method `xss_clean()`.","aliases":[{"alias":"GMS-2015-40"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52389?format=json","purl":"pkg:composer/codeigniter/framework@3.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/codeigniter/framework@3.0.3"}],"affected_packages":[],"references":[{"reference_url":"https://github.com/bcit-ci/CodeIgniter/commit/249580e711d42fe966e52d7bcc0f349ba99a94a3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcit-ci/CodeIgniter/commit/249580e711d42fe966e52d7bcc0f349ba99a94a3"},{"reference_url":"https://github.com/bcit-ci/CodeIgniter/commit/4fbf2d1a8e2b6d33e92f3f353b05388fd3229bd7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcit-ci/CodeIgniter/commit/4fbf2d1a8e2b6d33e92f3f353b05388fd3229bd7"},{"reference_url":"https://github.com/bcit-ci/CodeIgniter/commit/71b1b3f5b2dcc0f4b652e9494e9853b82541ac8c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcit-ci/CodeIgniter/commit/71b1b3f5b2dcc0f4b652e9494e9853b82541ac8c"},{"reference_url":"https://github.com/bcit-ci/CodeIgniter/commit/f0f47da9ae4227968ccc9ee6511bcab526498b4c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcit-ci/CodeIgniter/commit/f0f47da9ae4227968ccc9ee6511bcab526498b4c"},{"reference_url":"http://www.codeigniter.com/user_guide/changelog.html#version-3-0-3","reference_id":"","reference_type":"","scores":[],"url":"http://www.codeigniter.com/user_guide/changelog.html#version-3-0-3"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gubk-qp7e-h7f4"}