Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ahev-x89y-9fdp

Summary Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177.

Aliases

alias	CVE-2007-1055

Fixed_packages

url	pkg:deb/debian/mediawiki@1.7.1-9?distro=trixie
purl	pkg:deb/debian/mediawiki@1.7.1-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1.7.1-9%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-buwp-69zb-93hs

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-q7k6-59z5-d7a7

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xdct-ca96-3uat

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kw32-af5a-hqg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie

Affected_packages

References

reference_url	http://osvdb.org/37343
reference_id
reference_type
scores
url	http://osvdb.org/37343

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-1055

reference_id

reference_type

scores

value	0.02025
scoring_system	epss
scoring_elements	0.83852
published_at	2026-04-29T12:55:00Z

value	0.02025
scoring_system	epss
scoring_elements	0.83712
published_at	2026-04-01T12:55:00Z

value	0.02025
scoring_system	epss
scoring_elements	0.83725
published_at	2026-04-02T12:55:00Z

value	0.02025
scoring_system	epss
scoring_elements	0.83739
published_at	2026-04-04T12:55:00Z

value	0.02025
scoring_system	epss
scoring_elements	0.83742
published_at	2026-04-07T12:55:00Z

value	0.02025
scoring_system	epss
scoring_elements	0.83766
published_at	2026-04-08T12:55:00Z

value	0.02025
scoring_system	epss
scoring_elements	0.83772
published_at	2026-04-09T12:55:00Z

value	0.02025
scoring_system	epss
scoring_elements	0.83788
published_at	2026-04-11T12:55:00Z

value	0.02025
scoring_system	epss
scoring_elements	0.83782
published_at	2026-04-12T12:55:00Z

value	0.02025
scoring_system	epss
scoring_elements	0.83778
published_at	2026-04-13T12:55:00Z

value	0.02025
scoring_system	epss
scoring_elements	0.83812
published_at	2026-04-16T12:55:00Z

value	0.02025
scoring_system	epss
scoring_elements	0.83813
published_at	2026-04-21T12:55:00Z

value	0.02025
scoring_system	epss
scoring_elements	0.83838
published_at	2026-04-24T12:55:00Z

value	0.02025
scoring_system	epss
scoring_elements	0.83846
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-1055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1055

reference_url	http://securityreason.com/securityalert/2274
reference_id
reference_type
scores
url	http://securityreason.com/securityalert/2274

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/32586
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/32586

reference_url	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES
reference_id
reference_type
scores
url	http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOTES

reference_url	http://www.bugsec.com/articles.php?Security=24
reference_id
reference_type
scores
url	http://www.bugsec.com/articles.php?Security=24

reference_url	http://www.securityfocus.com/archive/1/460596/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/460596/100/0/threaded

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406238
reference_id	406238
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406238

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki::::::::
reference_id	cpe:2.3:a:mediawiki:mediawiki::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc1::::::
reference_id	cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.9.0:rc1::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-1055

reference_id

CVE-2007-1055

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2007-1055

Weaknesses

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Exploits

Severity_range_score 6.8 - 6.8

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ahev-x89y-9fdp

Vulnerability Instance