Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-9E1F1692451E2052AA611BAE16CCBFD0

HistoryJul 23, 2018 - 12:00 a.m.

Improper Neutralization of Input During Web Page Generation

2018-07-2300:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.4%

JSON

Cross-site scripting vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken cookie.

CPENameOperatorVersion
pypi/djangoge1.2.0
pypi/djangolt1.2.2

CPE	Name	Operator	Version
	pypi/django	ge	1.2.0
	pypi/django	lt	1.2.2

References

marc.info/?l=oss-security&m=128403961700444&w=2

www.djangoproject.com/weblog/2010/sep/08/security-release/

www.securityfocus.com/bid/43116

www.ubuntu.com/usn/USN-1004-1

bugzilla.redhat.com/show_bug.cgi?id=632239

exchange.xforce.ibmcloud.com/vulnerabilities/61729

github.com/advisories/GHSA-fxpg-gg9g-76gj

nvd.nist.gov/vuln/detail/CVE-2010-3082

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.4%

JSON

Related for GITLAB-9E1F1692451E2052AA611BAE16CCBFD0