Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-t5ka-e1xq-xycb
Summary
Cross-site Scripting
Craft CMS allows XSS by saving a new title from the console tab.
Aliases
0
alias CVE-2018-20418
1
alias GHSA-72pf-cvwq-vgqg
Fixed_packages
0
url pkg:composer/craftcms/cms@3.0.26
purl pkg:composer/craftcms/cms@3.0.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9x-ax4j-3yha
1
vulnerability VCID-3twn-e7up-2ugq
2
vulnerability VCID-41y2-tucq-ykaj
3
vulnerability VCID-5mnd-qvaq-k3am
4
vulnerability VCID-5pur-jy1x-gfhv
5
vulnerability VCID-6hcd-ayyh-3fdb
6
vulnerability VCID-8pjj-w8h7-p7ga
7
vulnerability VCID-9kjs-xj6x-y3gb
8
vulnerability VCID-aajd-9qsf-37cr
9
vulnerability VCID-adak-sn51-23gd
10
vulnerability VCID-c2nk-y4rx-1qf4
11
vulnerability VCID-cwm6-qf1f-2keb
12
vulnerability VCID-dz26-b2ts-puep
13
vulnerability VCID-ec34-nvn3-qbcb
14
vulnerability VCID-eecq-8t4y-kka3
15
vulnerability VCID-hm7h-7cu3-8be1
16
vulnerability VCID-jhen-vhqx-n7dr
17
vulnerability VCID-jxet-d8ux-mkge
18
vulnerability VCID-n1z8-7a8m-rfcc
19
vulnerability VCID-nz6e-26rc-f3fa
20
vulnerability VCID-qcwp-su57-9fa1
21
vulnerability VCID-qq68-3j4y-47am
22
vulnerability VCID-rx96-8kfy-4ugu
23
vulnerability VCID-s5v6-e631-17f5
24
vulnerability VCID-u4t8-gkkb-73bv
25
vulnerability VCID-vbz3-3rqd-3fh6
26
vulnerability VCID-xc5n-1vqa-tqaz
27
vulnerability VCID-xv52-rc7v-yba8
28
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.0.26
Affected_packages
0
url pkg:composer/craftcms/cms@3.0.25
purl pkg:composer/craftcms/cms@3.0.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3r9x-ax4j-3yha
1
vulnerability VCID-3twn-e7up-2ugq
2
vulnerability VCID-41y2-tucq-ykaj
3
vulnerability VCID-5mnd-qvaq-k3am
4
vulnerability VCID-5pur-jy1x-gfhv
5
vulnerability VCID-6hcd-ayyh-3fdb
6
vulnerability VCID-8pjj-w8h7-p7ga
7
vulnerability VCID-9kjs-xj6x-y3gb
8
vulnerability VCID-aajd-9qsf-37cr
9
vulnerability VCID-adak-sn51-23gd
10
vulnerability VCID-c2nk-y4rx-1qf4
11
vulnerability VCID-cwm6-qf1f-2keb
12
vulnerability VCID-dz26-b2ts-puep
13
vulnerability VCID-ec34-nvn3-qbcb
14
vulnerability VCID-eecq-8t4y-kka3
15
vulnerability VCID-hm7h-7cu3-8be1
16
vulnerability VCID-jhen-vhqx-n7dr
17
vulnerability VCID-jxet-d8ux-mkge
18
vulnerability VCID-n1z8-7a8m-rfcc
19
vulnerability VCID-nz6e-26rc-f3fa
20
vulnerability VCID-qcwp-su57-9fa1
21
vulnerability VCID-qq68-3j4y-47am
22
vulnerability VCID-rx96-8kfy-4ugu
23
vulnerability VCID-s5v6-e631-17f5
24
vulnerability VCID-t5ka-e1xq-xycb
25
vulnerability VCID-u4t8-gkkb-73bv
26
vulnerability VCID-vbz3-3rqd-3fh6
27
vulnerability VCID-xc5n-1vqa-tqaz
28
vulnerability VCID-xv52-rc7v-yba8
29
vulnerability VCID-ymw8-mvrz-e7bc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@3.0.25
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20418
reference_id
reference_type
scores
0
value 0.00471
scoring_system epss
scoring_elements 0.65002
published_at 2026-06-05T12:55:00Z
1
value 0.00471
scoring_system epss
scoring_elements 0.64959
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20418
1
reference_url https://github.com/craftcms/cms
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/craftcms/cms
2
reference_url https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-Scripting
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-Scripting
3
reference_url https://web.archive.org/web/20201208014852/https://www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208014852/https://www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.html
4
reference_url https://www.exploit-db.com/exploits/46054
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46054
5
reference_url https://www.exploit-db.com/exploits/46054/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46054/
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46054.txt
reference_id CVE-2018-20418
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46054.txt
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20418
reference_id CVE-2018-20418
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20418
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
0
date_added 2018-12-27
description Craft CMS 3.0.25 - Cross-Site Scripting
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2018-12-27
exploit_type webapps
platform php
source_date_updated 2019-01-02
data_source Exploit-DB
source_url
Severity_range_score 4.0 - 6.9
Exploitability 2.0
Weighted_severity 6.2
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5ka-e1xq-xycb