{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6843?format=json","vulnerability_id":"VCID-5v8n-rma9-rqd4","summary":"XSS in admin interface\nThe Django administrative application, django.contrib.admin, considers the value of a URLField to be safe. Thus, when displaying it, Django does not escape it, allowing an attacker to perform XSS in the administrative interface.","aliases":[{"alias":"GMS-2013-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2691?format=json","purl":"pkg:pypi/django@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dhb-9yue-33h7"},{"vulnerability":"VCID-2m9f-3cgw-ekdr"},{"vulnerability":"VCID-325d-7dfk-sqd2"},{"vulnerability":"VCID-42cm-j2av-87ea"},{"vulnerability":"VCID-5g4y-1qmy-27bd"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8teq-9xr9-q3fg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a715-2qks-wyhn"},{"vulnerability":"VCID-bgjt-c6sa-pfaj"},{"vulnerability":"VCID-bgmv-mf3x-bkew"},{"vulnerability":"VCID-br5x-v7md-47hp"},{"vulnerability":"VCID-c1n5-4ars-u7ff"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-eker-m822-cuax"},{"vulnerability":"VCID-jc9f-vgy8-ruan"},{"vulnerability":"VCID-jumh-hkhx-7qc9"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-q64b-r7td-2yab"},{"vulnerability":"VCID-qjqs-zfd5-ckbt"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-qzba-9xmg-3qer"},{"vulnerability":"VCID-sbr6-pybe-dubq"},{"vulnerability":"VCID-spwd-dz6f-5fh9"},{"vulnerability":"VCID-t8ec-st1v-s3e5"},{"vulnerability":"VCID-ukxp-wqpr-t3by"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x4ev-6zjm-sbe4"},{"vulnerability":"VCID-x516-xwze-6ba3"},{"vulnerability":"VCID-x6np-rvrt-nyb2"},{"vulnerability":"VCID-yemh-qd63-wuca"}],"resource_u
rl":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2689?format=json","purl":"pkg:pypi/django@1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dhb-9yue-33h7"},{"vulnerability":"VCID-2m9f-3cgw-ekdr"},{"vulnerability":"VCID-325d-7dfk-sqd2"},{"vulnerability":"VCID-42cm-j2av-87ea"},{"vulnerability":"VCID-5g4y-1qmy-27bd"},{"vulnerability":"VCID-5v8n-rma9-rqd4"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8teq-9xr9-q3fg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a715-2qks-wyhn"},{"vulnerability":"VCID-bgjt-c6sa-pfaj"},{"vulnerability":"VCID-bgmv-mf3x-bkew"},{"vulnerability":"VCID-br5x-v7md-47hp"},{"vulnerability":"VCID-c1n5-4ars-u7ff"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-eker-m822-cuax"},{"vulnerability":"VCID-fk27-94p2-8kft"},{"vulnerability":"VCID-gwme-keqv-kkgr"},{"vulnerability":"VCID-hk24-1yzs-ybhu"},{"vulnerability":"VCID-jc9f-vgy8-ruan"},{"vulnerability":"VCID-jumh-hkhx-7qc9"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-q64b-r7td-2yab"},{"vulnerability":"VCID-qjqs-zfd5-ckbt"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-qzba-9xmg-3qer"},{"vulnerability":"VCID-sbr6-pybe-dubq"},{"vulnerability":"VCID-spwd-dz6f-5fh9"},{"vulnerability":"VCID-t8ec-st1v-s3e5"},{"vulnerability":"VCID-ukxp-wqpr-t3by"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x4ev-6zjm-sbe4"},{"vulnerability":"VCID-x516-xwze-6ba3"},{"vulnerability":"VCID-x6np-rvrt-nyb2"},{"vulnerability":"VCID-yemh-qd63-wuca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/2690?format=json","purl":"pkg:pypi/django@1.5.1","is_vulner
able":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dhb-9yue-33h7"},{"vulnerability":"VCID-2m9f-3cgw-ekdr"},{"vulnerability":"VCID-325d-7dfk-sqd2"},{"vulnerability":"VCID-42cm-j2av-87ea"},{"vulnerability":"VCID-5g4y-1qmy-27bd"},{"vulnerability":"VCID-5v8n-rma9-rqd4"},{"vulnerability":"VCID-6gss-ppm5-3yc9"},{"vulnerability":"VCID-84mm-45p6-xkau"},{"vulnerability":"VCID-896g-hqec-ryb9"},{"vulnerability":"VCID-8jaq-53td-wbeg"},{"vulnerability":"VCID-8teq-9xr9-q3fg"},{"vulnerability":"VCID-9uzd-mmyv-mfh4"},{"vulnerability":"VCID-a715-2qks-wyhn"},{"vulnerability":"VCID-bgjt-c6sa-pfaj"},{"vulnerability":"VCID-bgmv-mf3x-bkew"},{"vulnerability":"VCID-br5x-v7md-47hp"},{"vulnerability":"VCID-c1n5-4ars-u7ff"},{"vulnerability":"VCID-e2jd-yd4j-kqgt"},{"vulnerability":"VCID-eker-m822-cuax"},{"vulnerability":"VCID-fk27-94p2-8kft"},{"vulnerability":"VCID-gwme-keqv-kkgr"},{"vulnerability":"VCID-hk24-1yzs-ybhu"},{"vulnerability":"VCID-jc9f-vgy8-ruan"},{"vulnerability":"VCID-jumh-hkhx-7qc9"},{"vulnerability":"VCID-k6s1-gnmc-e3ed"},{"vulnerability":"VCID-q64b-r7td-2yab"},{"vulnerability":"VCID-qjqs-zfd5-ckbt"},{"vulnerability":"VCID-qm34-ec8s-tfd7"},{"vulnerability":"VCID-qzba-9xmg-3qer"},{"vulnerability":"VCID-sbr6-pybe-dubq"},{"vulnerability":"VCID-spwd-dz6f-5fh9"},{"vulnerability":"VCID-t8ec-st1v-s3e5"},{"vulnerability":"VCID-ukxp-wqpr-t3by"},{"vulnerability":"VCID-w2dv-u8h6-sbgs"},{"vulnerability":"VCID-w4pr-k5nj-ckgy"},{"vulnerability":"VCID-x4ev-6zjm-sbe4"},{"vulnerability":"VCID-x516-xwze-6ba3"},{"vulnerability":"VCID-x6np-rvrt-nyb2"},{"vulnerability":"VCID-yemh-qd63-wuca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.1"}],"references":[{"reference_url":"https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - 
Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5v8n-rma9-rqd4"}