Lucene search

K

[email protected]NVD:CVE-2016-6186

HistoryAug 05, 2016 - 3:59 p.m.

CVE-2016-6186

2016-08-0515:59:09

CWE-79

[email protected]

web.nvd.nist.gov

1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.004 Low

EPSS

Percentile

72.8%

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.

Affected configurations

NVD

Node

debiandebian_linuxMatch8.0

Node

djangoprojectdjangoRange≤1.8.13

OR

djangoprojectdjangoMatch1.9

OR

djangoprojectdjangoMatch1.9.0rc1

OR

djangoprojectdjangoMatch1.9.1

OR

djangoprojectdjangoMatch1.9.2

OR

djangoprojectdjangoMatch1.9.3

OR

djangoprojectdjangoMatch1.9.4

OR

djangoprojectdjangoMatch1.9.5

OR

djangoprojectdjangoMatch1.9.6

OR

djangoprojectdjangoMatch1.9.7

OR

djangoprojectdjangoMatch1.10alpha1

OR

djangoprojectdjangoMatch1.10beta1

References

packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html

rhn.redhat.com/errata/RHSA-2016-1594.html

rhn.redhat.com/errata/RHSA-2016-1595.html

rhn.redhat.com/errata/RHSA-2016-1596.html

seclists.org/fulldisclosure/2016/Jul/53

www.debian.org/security/2016/dsa-3622

www.securityfocus.com/archive/1/538947/100/0/threaded

www.securityfocus.com/bid/92058

www.securitytracker.com/id/1036338

www.ubuntu.com/usn/USN-3039-1

www.vulnerability-lab.com/get_content.php?id=1869

github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158

github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/

www.djangoproject.com/weblog/2016/jul/18/security-releases/

www.exploit-db.com/exploits/40129/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.004 Low

EPSS

Percentile

72.8%

Related for NVD:CVE-2016-6186

nessus7 archlinux2 cve1 openvas7 debian3 debiancve1 redhat3 fedora2 ubuntucve1 vulnerlab2 github1 packetstorm1 mageia1 ubuntu1 cvelist1 osv2 zdt1 exploitpack1 redhatcve1 veracode1 prion1 exploitdb1 altlinux2