Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ym1r-ackg-4kc3
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.
Aliases
0
alias CVE-2015-0216
1
alias GHSA-2jcw-r79x-4r5v
Fixed_packages
0
url pkg:composer/moodle/moodle@2.8.2
purl pkg:composer/moodle/moodle@2.8.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2
Affected_packages
0
url pkg:composer/moodle/moodle@2.8.0
purl pkg:composer/moodle/moodle@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z6j-fs6f-eua1
1
vulnerability VCID-2y3m-yuaj-vkf2
2
vulnerability VCID-37j1-ym2f-1fbc
3
vulnerability VCID-37pj-u3gh-n7fd
4
vulnerability VCID-3kq3-v2u1-fyhz
5
vulnerability VCID-46jw-xjbu-b3f1
6
vulnerability VCID-4cx7-eaax-8uhr
7
vulnerability VCID-4kq5-ctsv-eka8
8
vulnerability VCID-5hx1-9xbg-g3fn
9
vulnerability VCID-5nfq-4syg-87da
10
vulnerability VCID-5vx4-qtb2-fqe9
11
vulnerability VCID-62yh-cpfr-9bb1
12
vulnerability VCID-65y9-9ur2-pugc
13
vulnerability VCID-7rut-8dau-e3cp
14
vulnerability VCID-8cc1-hbzm-87bx
15
vulnerability VCID-95mq-m2jz-a3ab
16
vulnerability VCID-9z66-z9af-17f7
17
vulnerability VCID-a34q-gbqw-1bbr
18
vulnerability VCID-a3pu-x51u-1udr
19
vulnerability VCID-an53-nu91-k3d7
20
vulnerability VCID-aqc8-tmeg-9fdd
21
vulnerability VCID-b9ej-hx7z-1bb8
22
vulnerability VCID-d3yp-gq4c-vyf8
23
vulnerability VCID-dnya-ef8u-6bg1
24
vulnerability VCID-eaqp-7abt-6kg9
25
vulnerability VCID-emu7-jhv2-zqb8
26
vulnerability VCID-evke-m8nn-6ua3
27
vulnerability VCID-fpuj-f6nx-n7a9
28
vulnerability VCID-fsex-f512-pudv
29
vulnerability VCID-g4hn-yz26-1beb
30
vulnerability VCID-gvan-87dt-b7fp
31
vulnerability VCID-hbky-xx53-vkct
32
vulnerability VCID-j11s-2mhg-pfdn
33
vulnerability VCID-jc19-ee46-4uh3
34
vulnerability VCID-jcnw-cwmz-w7cz
35
vulnerability VCID-k6pw-51st-b3d2
36
vulnerability VCID-kgvw-uxf4-wbc1
37
vulnerability VCID-m6zk-p84r-vbh5
38
vulnerability VCID-n9uc-b76m-8fbs
39
vulnerability VCID-nfdb-m7rg-47ca
40
vulnerability VCID-qtt4-455b-abb6
41
vulnerability VCID-r3f7-9paf-83ht
42
vulnerability VCID-rscq-xx52-2ua8
43
vulnerability VCID-ryws-mr9v-7yfp
44
vulnerability VCID-s3bw-w61k-eqhy
45
vulnerability VCID-s3ue-e5h8-f3dy
46
vulnerability VCID-sa6m-ecv7-x3ew
47
vulnerability VCID-t214-wxz7-a3df
48
vulnerability VCID-tmwc-f872-mufw
49
vulnerability VCID-trvp-xzf5-pff8
50
vulnerability VCID-ujja-hfkh-wkez
51
vulnerability VCID-uptz-tj66-7yfk
52
vulnerability VCID-v54t-5thx-1beu
53
vulnerability VCID-v6ha-ekxw-7bfr
54
vulnerability VCID-vb67-yux5-ayhf
55
vulnerability VCID-wavt-rrws-3yhs
56
vulnerability VCID-wg45-hemm-97am
57
vulnerability VCID-x2qp-yggf-z7h7
58
vulnerability VCID-xmm4-zw49-3feh
59
vulnerability VCID-xy2y-yxfu-xfgm
60
vulnerability VCID-y2vh-7r7h-9ugu
61
vulnerability VCID-ym1r-ackg-4kc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034
1
reference_url http://openwall.com/lists/oss-security/2015/01/19/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2015/01/19/1
2
reference_url https://github.com/moodle/moodle/commit/b9c86823c70a1cba20bca1c4b5b032ee1559e22d
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/b9c86823c70a1cba20bca1c4b5b032ee1559e22d
3
reference_url https://github.com/moodle/moodle/commit/c80603ddc4ba4e7d85ea2b79f644a4a041cee137
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/c80603ddc4ba4e7d85ea2b79f644a4a041cee137
4
reference_url https://moodle.org/mod/forum/discuss.php?d=278616
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=278616
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-0216
reference_id CVE-2015-0216
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-0216
6
reference_url https://github.com/advisories/GHSA-2jcw-r79x-4r5v
reference_id GHSA-2jcw-r79x-4r5v
reference_type
scores
url https://github.com/advisories/GHSA-2jcw-r79x-4r5v
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ym1r-ackg-4kc3