Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wavt-rrws-3yhs

Summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.

Aliases

alias	CVE-2015-3178

alias	GHSA-9fmw-m4qx-6cq8

Fixed_packages

url pkg:composer/moodle/moodle@2.6.11

purl pkg:composer/moodle/moodle@2.6.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4cx7-eaax-8uhr

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-b9ej-hx7z-1bb8

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-xmm4-zw49-3feh

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.11

url	pkg:composer/moodle/moodle@2.7.8
purl	pkg:composer/moodle/moodle@2.7.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.8

url	pkg:composer/moodle/moodle@2.8.6
purl	pkg:composer/moodle/moodle@2.8.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6

Affected_packages

url pkg:composer/moodle/moodle@2.7.0

purl pkg:composer/moodle/moodle@2.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ehh-qz6c-ykhp

vulnerability	VCID-1rar-m2g3-27ag

vulnerability	VCID-1z6j-fs6f-eua1

vulnerability	VCID-29yj-e9bd-queq

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2y3m-yuaj-vkf2

vulnerability	VCID-37j1-ym2f-1fbc

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-3xwm-hqap-8bct

vulnerability	VCID-46jw-xjbu-b3f1

vulnerability	VCID-4cx7-eaax-8uhr

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5c29-qn3p-3yde

vulnerability	VCID-5nfq-4syg-87da

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-5vx4-qtb2-fqe9

vulnerability	VCID-62yh-cpfr-9bb1

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-8q4n-d565-kfbn

vulnerability	VCID-95mq-m2jz-a3ab

vulnerability	VCID-9z66-z9af-17f7

vulnerability	VCID-a3pu-x51u-1udr

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-aqc8-tmeg-9fdd

vulnerability	VCID-b9ej-hx7z-1bb8

vulnerability	VCID-bfmx-cwap-8yhp

vulnerability	VCID-czph-uxwr-5uge

vulnerability	VCID-d3yp-gq4c-vyf8

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-ea5s-xphb-6ub7

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-emu7-jhv2-zqb8

vulnerability	VCID-evke-m8nn-6ua3

vulnerability	VCID-fumj-9pun-zfc5

vulnerability	VCID-g4hn-yz26-1beb

vulnerability	VCID-gvan-87dt-b7fp

vulnerability	VCID-h8xn-n98n-qqdv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-hck4-emsr-q7dc

vulnerability	VCID-j11s-2mhg-pfdn

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-krn6-pwk5-ake2

vulnerability	VCID-kzwd-2e6n-fkbm

vulnerability	VCID-n9uc-b76m-8fbs

vulnerability	VCID-nfdb-m7rg-47ca

vulnerability	VCID-qxyw-7hnt-hqd6

vulnerability	VCID-r3f7-9paf-83ht

vulnerability	VCID-r88h-mteg-yka9

vulnerability	VCID-rdfn-52p2-afa7

vulnerability	VCID-rscq-xx52-2ua8

vulnerability	VCID-s3bw-w61k-eqhy

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s5cy-eva4-wbaf

vulnerability	VCID-tmwc-f872-mufw

vulnerability	VCID-ucg8-htfc-2bhn

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-uvgt-7m5a-xkdc

vulnerability	VCID-v4qm-48kk-pfaz

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-v6ha-ekxw-7bfr

vulnerability	VCID-v7zm-cw8w-6yf8

vulnerability	VCID-vda3-4fgr-gfbw

vulnerability	VCID-vs2j-b4qg-nbgu

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-wavt-rrws-3yhs

vulnerability	VCID-wawr-t9dc-33fj

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-xnmk-jah2-ufce

vulnerability	VCID-xy2y-yxfu-xfgm

vulnerability	VCID-y2vh-7r7h-9ugu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.0

url pkg:composer/moodle/moodle@2.8.0

purl pkg:composer/moodle/moodle@2.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z6j-fs6f-eua1

vulnerability	VCID-2y3m-yuaj-vkf2

vulnerability	VCID-37j1-ym2f-1fbc

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-3kq3-v2u1-fyhz

vulnerability	VCID-46jw-xjbu-b3f1

vulnerability	VCID-4cx7-eaax-8uhr

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5hx1-9xbg-g3fn

vulnerability	VCID-5nfq-4syg-87da

vulnerability	VCID-5vx4-qtb2-fqe9

vulnerability	VCID-62yh-cpfr-9bb1

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-7rut-8dau-e3cp

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-95mq-m2jz-a3ab

vulnerability	VCID-9z66-z9af-17f7

vulnerability	VCID-a34q-gbqw-1bbr

vulnerability	VCID-a3pu-x51u-1udr

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-aqc8-tmeg-9fdd

vulnerability	VCID-b9ej-hx7z-1bb8

vulnerability	VCID-d3yp-gq4c-vyf8

vulnerability	VCID-dnya-ef8u-6bg1

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-emu7-jhv2-zqb8

vulnerability	VCID-evke-m8nn-6ua3

vulnerability	VCID-fpuj-f6nx-n7a9

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-g4hn-yz26-1beb

vulnerability	VCID-gvan-87dt-b7fp

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-j11s-2mhg-pfdn

vulnerability	VCID-jc19-ee46-4uh3

vulnerability	VCID-jcnw-cwmz-w7cz

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m6zk-p84r-vbh5

vulnerability	VCID-n9uc-b76m-8fbs

vulnerability	VCID-nfdb-m7rg-47ca

vulnerability	VCID-qtt4-455b-abb6

vulnerability	VCID-r3f7-9paf-83ht

vulnerability	VCID-rscq-xx52-2ua8

vulnerability	VCID-ryws-mr9v-7yfp

vulnerability	VCID-s3bw-w61k-eqhy

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-sa6m-ecv7-x3ew

vulnerability	VCID-t214-wxz7-a3df

vulnerability	VCID-tmwc-f872-mufw

vulnerability	VCID-trvp-xzf5-pff8

vulnerability	VCID-ujja-hfkh-wkez

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-v6ha-ekxw-7bfr

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-wavt-rrws-3yhs

vulnerability	VCID-wg45-hemm-97am

vulnerability	VCID-x2qp-yggf-z7h7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-xy2y-yxfu-xfgm

vulnerability	VCID-y2vh-7r7h-9ugu

vulnerability	VCID-ym1r-ackg-4kc3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0

References

reference_url	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718
reference_id
reference_type
scores
url	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718

reference_url	http://openwall.com/lists/oss-security/2015/05/18/1
reference_id
reference_type
scores
url	http://openwall.com/lists/oss-security/2015/05/18/1

reference_url	https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749

reference_url	https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78

reference_url	https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5

reference_url	https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f

reference_url	https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b

reference_url	https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6

reference_url	https://moodle.org/mod/forum/discuss.php?d=313685
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=313685

reference_url	https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726
reference_id
reference_type
scores
url	https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726

reference_url	https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358
reference_id
reference_type
scores
url	https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-3178
reference_id	CVE-2015-3178
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-3178

reference_url	https://github.com/advisories/GHSA-9fmw-m4qx-6cq8
reference_id	GHSA-9fmw-m4qx-6cq8
reference_type
scores
url	https://github.com/advisories/GHSA-9fmw-m4qx-6cq8

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wavt-rrws-3yhs

Vulnerability Instance