Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-527w-e1dv-qyhe
Summary phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.
Aliases
0
alias CVE-2024-27300
1
alias GHSA-q7g6-xfh2-vhpx
Fixed_packages
0
url pkg:composer/phpmyfaq/phpmyfaq@3.2.6
purl pkg:composer/phpmyfaq/phpmyfaq@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2na9-t3m7-wfhn
2
vulnerability VCID-57ev-2w6v-mbbs
3
vulnerability VCID-5pw3-qxh6-6ufr
4
vulnerability VCID-5wsg-7979-dqgs
5
vulnerability VCID-6jmj-n5mz-bba8
6
vulnerability VCID-7tpb-1avq-zfhu
7
vulnerability VCID-8k51-budg-h3ak
8
vulnerability VCID-a9tb-yj7x-pya1
9
vulnerability VCID-ecpv-3xqn-eqf8
10
vulnerability VCID-p68j-sbvd-yuh4
11
vulnerability VCID-qhsm-g24v-k7gj
12
vulnerability VCID-rrz3-kbbd-eyhq
13
vulnerability VCID-tpbv-urbk-h7gf
14
vulnerability VCID-txxg-bugj-6bd4
15
vulnerability VCID-vjqh-59nn-5ude
16
vulnerability VCID-yckn-74u4-pkaw
17
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.6
1
url pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha
purl pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2na9-t3m7-wfhn
2
vulnerability VCID-57ev-2w6v-mbbs
3
vulnerability VCID-5ez6-qnbc-nfgb
4
vulnerability VCID-5pw3-qxh6-6ufr
5
vulnerability VCID-5wsg-7979-dqgs
6
vulnerability VCID-6jmj-n5mz-bba8
7
vulnerability VCID-7tpb-1avq-zfhu
8
vulnerability VCID-8k51-budg-h3ak
9
vulnerability VCID-a9tb-yj7x-pya1
10
vulnerability VCID-ecpv-3xqn-eqf8
11
vulnerability VCID-p68j-sbvd-yuh4
12
vulnerability VCID-qhsm-g24v-k7gj
13
vulnerability VCID-rrz3-kbbd-eyhq
14
vulnerability VCID-tpbv-urbk-h7gf
15
vulnerability VCID-txxg-bugj-6bd4
16
vulnerability VCID-vjqh-59nn-5ude
17
vulnerability VCID-yckn-74u4-pkaw
18
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha
Affected_packages
0
url pkg:composer/phpmyfaq/phpmyfaq@3.2.5
purl pkg:composer/phpmyfaq/phpmyfaq@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-b67r-uyfw
1
vulnerability VCID-1qwx-htn1-4bg8
2
vulnerability VCID-2na9-t3m7-wfhn
3
vulnerability VCID-5256-zeqq-yqas
4
vulnerability VCID-527w-e1dv-qyhe
5
vulnerability VCID-57ev-2w6v-mbbs
6
vulnerability VCID-5pw3-qxh6-6ufr
7
vulnerability VCID-5wsg-7979-dqgs
8
vulnerability VCID-6jmj-n5mz-bba8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-a9tb-yj7x-pya1
12
vulnerability VCID-cq9g-8pv2-bfcm
13
vulnerability VCID-ecpv-3xqn-eqf8
14
vulnerability VCID-p68j-sbvd-yuh4
15
vulnerability VCID-q524-u3fc-2uac
16
vulnerability VCID-qhsm-g24v-k7gj
17
vulnerability VCID-qtya-dhhw-uqa9
18
vulnerability VCID-rrz3-kbbd-eyhq
19
vulnerability VCID-tpbv-urbk-h7gf
20
vulnerability VCID-txxg-bugj-6bd4
21
vulnerability VCID-vjqh-59nn-5ude
22
vulnerability VCID-wgqs-pf23-dkdb
23
vulnerability VCID-yckn-74u4-pkaw
24
vulnerability VCID-yjdz-bsf2-xbfz
25
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.5
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27300
reference_id
reference_type
scores
0
value 0.00787
scoring_system epss
scoring_elements 0.74351
published_at 2026-06-14T12:55:00Z
1
value 0.00787
scoring_system epss
scoring_elements 0.74353
published_at 2026-06-13T12:55:00Z
2
value 0.00787
scoring_system epss
scoring_elements 0.7434
published_at 2026-06-12T12:55:00Z
3
value 0.00787
scoring_system epss
scoring_elements 0.74266
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27300
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459
reference_id 09336b0ff0e0a04aa0c97c5975651af4769d2459
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-25T19:29:59Z/
url https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27300
reference_id CVE-2024-27300
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27300
4
reference_url https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209
reference_id de90315c9bd4ead5fe6ba5586f6b016843aa8209
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-25T19:29:59Z/
url https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209
5
reference_url https://github.com/advisories/GHSA-q7g6-xfh2-vhpx
reference_id GHSA-q7g6-xfh2-vhpx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q7g6-xfh2-vhpx
6
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx
reference_id GHSA-q7g6-xfh2-vhpx
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-25T19:29:59Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-527w-e1dv-qyhe