CVE-2016-6186

🗓️ 05 Aug 2016 15:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 424 Views🌐 WEB

CVE-2016-6186 XSS vulnerability in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via unsafe usage of Element.innerHTML

Reporter	Title	Published	Views	Family All 62
0day.today	Django CMS 3.3.0 - (Editor Snippet) Persistent Cross-Site Scripting	20 Jul 201600:00	–	zdt
ALT Linux	Security fix for the ALT Linux 10 package python3-module-django version 1.8.15-alt1	24 Oct 201600:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package python3-module-django version 1.8.15-alt1	24 Oct 201600:00	–	altlinux
ArchLinux	python-django: cross-site scripting	22 Jul 201600:00	–	archlinux
ArchLinux	python2-django: cross-site scripting	22 Jul 201600:00	–	archlinux
Circl	CVE-2016-6186	20 Jul 201600:00	–	circl
CNVD	python-django cross-site scripting vulnerability	21 Jul 201600:00	–	cnvd
Cvelist	CVE-2016-6186	5 Aug 201615:00	–	cvelist
Debian	[SECURITY] [DLA 555-1] python-django security update	21 Jul 201618:55	–	debian
Debian	[SECURITY] [DSA 3622-1] python-django security update	18 Jul 201619:34	–	debian

NVD

Node

debian debian_linuxMatch8.0

Node

djangoproject djangoRange≤1.8.13

djangoproject djangoMatch1.9

djangoproject djangoMatch1.9.0rc1

djangoproject djangoMatch1.9.1

djangoproject djangoMatch1.9.2

djangoproject djangoMatch1.9.3

djangoproject djangoMatch1.9.4

djangoproject djangoMatch1.9.5

djangoproject djangoMatch1.9.6

djangoproject djangoMatch1.9.7

djangoproject djangoMatch1.10alpha1

djangoproject djangoMatch1.10beta1

Source	Link
github	www.github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
exploit-db	www.exploit-db.com/exploits/40129/
securityfocus	www.securityfocus.com/archive/1/538947/100/0/threaded
rhn	www.rhn.redhat.com/errata/RHSA-2016-1596.html
securityfocus	www.securityfocus.com/bid/92058
seclists	www.seclists.org/fulldisclosure/2016/Jul/53
ubuntu	www.ubuntu.com/usn/USN-3039-1
debian	www.debian.org/security/2016/dsa-3622
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
rhn	www.rhn.redhat.com/errata/RHSA-2016-1595.html

Parameter	Position	Path	Description	CWE
name	request body	en/admin/djangocms_snippet/snippet/2/?_to_field=id&_popup=1	Persistent XSS via unescaped snippet name input in Editor - Snippets (Add) module (POST)	CWE-79
select	request body	en/admin/djangocms_snippet/snippet/2/?_to_field=id&_popup=1	Persistent XSS via unescaped snippet name input in Editor - Snippets (Add) module (POST)	CWE-79

06 May 2026 22:30Current

5.9Medium risk

Vulners AI Score5.9

CVSS 24.3

CVSS 36.1

EPSS0.16367

CWE-79