MEDIUM 6.1 PyPI
Cross-site scripting in django
GHSA-8m3r-rv5g-fcpq · CVE-2011-0697 · PYSEC-2011-11
Published · Modified
Description
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2011-0697
- WEB https://github.com/django/django/commit/1966786d2dde73e17f39cf340eb33fcb5d73904e
- WEB https://github.com/django/django/commit/1f814a9547842dcfabdae09573055984af9d3fab
- WEB https://github.com/django/django/commit/90be6ca20d607977dec234ec972b77b83955749b
- WEB https://github.com/django/django/commit/a9cf3d23724ff6918103e86aa863eadd1fab811d
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=676359
- ADVISORY https://github.com/advisories/GHSA-8m3r-rv5g-fcpq
- PACKAGE https://github.com/django/django
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-11.yaml
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-31.yaml
- WEB https://web.archive.org/web/20110521033259/http://secunia.com/advisories/43230
- WEB https://web.archive.org/web/20110521033304/http://secunia.com/advisories/43297
- WEB https://web.archive.org/web/20110521033309/http://secunia.com/advisories/43382
- WEB https://web.archive.org/web/20110521033314/http://secunia.com/advisories/43426
- WEB https://web.archive.org/web/20130616104703/http://www.securityfocus.com/bid/46296
- WEB http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html
- WEB http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html
- WEB http://openwall.com/lists/oss-security/2011/02/09/6
- WEB http://secunia.com/advisories/43230
- WEB http://secunia.com/advisories/43297
- WEB http://secunia.com/advisories/43382
- WEB http://secunia.com/advisories/43426
- WEB http://www.debian.org/security/2011/dsa-2163
- WEB http://www.djangoproject.com/weblog/2011/feb/08/security
- WEB http://www.mandriva.com/security/advisories?name=MDVSA-2011:031
- WEB http://www.securityfocus.com/bid/46296
- WEB http://www.ubuntu.com/usn/USN-1066-1
- WEB http://www.vupen.com/english/advisories/2011/0372
- WEB http://www.vupen.com/english/advisories/2011/0388
- WEB http://www.vupen.com/english/advisories/2011/0429
- WEB http://www.vupen.com/english/advisories/2011/0439
- WEB http://www.vupen.com/english/advisories/2011/0441
Ready to move
Start Securing
Free, no credit card | First findings in minutes