MEDIUM 6.1 PyPI
Django Cross-site scripting (XSS) vulnerability
GHSA-54qj-48vx-cr9f · CVE-2008-2302 · PYSEC-2008-1
Published · Modified
Description
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2008-2302
- WEB https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5
- WEB https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2
- WEB https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9
- WEB https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
- PACKAGE https://github.com/django/django
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml
- WEB https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291
- WEB https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250
- WEB https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028
- WEB https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209
- WEB http://www.djangoproject.com/weblog/2008/may/14/security
Ready to move
Start Securing
Free, no credit card | First findings in minutes