Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-vq15-t92r-5bhx
Summary
Cross-site Scripting
The page module in TYPO3 is vulnerable to XSS via `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']`, as demonstrated by an admin entering a crafted site name during the installation process.
Aliases
0
alias CVE-2018-6905
Fixed_packages
0
url pkg:composer/typo3/cms@8.7.11
purl pkg:composer/typo3/cms@8.7.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.11
1
url pkg:composer/typo3/cms@9.1.0
purl pkg:composer/typo3/cms@9.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.1.0
Affected_packages
0
url pkg:composer/typo3/cms@9.0.0
purl pkg:composer/typo3/cms@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-3ugj-6m1e-e3hr
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-4jck-w9ct-budk
5
vulnerability VCID-7ch1-q9f4-a7bt
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-953t-q1cr-zyd6
9
vulnerability VCID-9adx-p876-kyb5
10
vulnerability VCID-a1g9-pyz5-9fca
11
vulnerability VCID-abjx-8v46-d7d8
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-cvk2-93hm-gkhx
14
vulnerability VCID-dsqm-9q3e-dudw
15
vulnerability VCID-emqq-kwjg-3kfk
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-hp99-ncuh-6ugv
18
vulnerability VCID-j8hk-bqnb-gycp
19
vulnerability VCID-je4q-svfw-hqda
20
vulnerability VCID-jq5y-7h9g-mufa
21
vulnerability VCID-k5t3-28es-h3ez
22
vulnerability VCID-khpm-e1xb-hydb
23
vulnerability VCID-njsj-bwjq-fyap
24
vulnerability VCID-nney-azbc-pucg
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-qxab-9uwr-yqhv
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdjb-gp4t-vbgt
30
vulnerability VCID-sdsa-mh76-kqch
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-uq77-aax5-k7d8
33
vulnerability VCID-vq15-t92r-5bhx
34
vulnerability VCID-vw2r-g8yy-eyf4
35
vulnerability VCID-w1wb-mq2y-dfca
36
vulnerability VCID-x5x1-w7yv-eye9
37
vulnerability VCID-y7ds-p5r2-yuhq
38
vulnerability VCID-yz6t-ge1y-qfgr
39
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0
References
0
reference_url https://forge.typo3.org/issues/84191
reference_id
reference_type
scores
url https://forge.typo3.org/issues/84191
1
reference_url http://www.securitytracker.com/id/1040755
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040755
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6905
reference_id CVE-2018-6905
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-6905
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-vq15-t92r-5bhx