Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-uhsu-d6rr-w3hq
SummaryMultiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.
Aliases
0
alias CVE-2008-3937
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2008-3937
reference_id
reference_type
scores
0
value 0.0066
scoring_system epss
scoring_elements 0.71582
published_at 2026-06-11T12:55:00Z
1
value 0.0066
scoring_system epss
scoring_elements 0.71668
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2008-3937
1
reference_url http://www.securityfocus.com/bid/30989
reference_id 30989
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T15:10:21Z/
url http://www.securityfocus.com/bid/30989
2
reference_url http://secunia.com/advisories/31719
reference_id 31719
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T15:10:21Z/
url http://secunia.com/advisories/31719
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/32313.txt
reference_id CVE-2008-3937;OSVDB-47889
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/32313.txt
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/32314.txt
reference_id CVE-2008-3937;OSVDB-47890
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/32314.txt
5
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/32315.txt
reference_id CVE-2008-3937;OSVDB-47891
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/32315.txt
6
reference_url https://www.securityfocus.com/bid/30989/info
reference_id CVE-2008-3937;OSVDB-47891
reference_type exploit
scores
url https://www.securityfocus.com/bid/30989/info
7
reference_url http://packetstorm.linuxsecurity.com/0808-exploits/omcd-xssxsrf.txt
reference_id omcd-xssxsrf.txt
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T15:10:21Z/
url http://packetstorm.linuxsecurity.com/0808-exploits/omcd-xssxsrf.txt
Weaknesses
Exploits
0
date_added 2008-08-28
description OpenDB 1.0.6 - 'user_profile.php?redirect_url' Cross-Site Scripting
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2008-08-28
exploit_type webapps
platform php
source_date_updated 2014-03-17
data_source Exploit-DB
source_url https://www.securityfocus.com/bid/30989/info
Severity_range_score6.1 - 6.1
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-uhsu-d6rr-w3hq