GoogleOSV:GHSA-8M3R-RV5G-FCPQCross-site scripting in django
5.2 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
70.3%
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
References
lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html
lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html
openwall.com/lists/oss-security/2011/02/09/6
www.debian.org/security/2011/dsa-2163
www.djangoproject.com/weblog/2011/feb/08/security
www.mandriva.com/security/advisories?name=MDVSA-2011:031
www.ubuntu.com/usn/USN-1066-1
www.vupen.com/english/advisories/2011/0372
www.vupen.com/english/advisories/2011/0388
www.vupen.com/english/advisories/2011/0429
www.vupen.com/english/advisories/2011/0439
www.vupen.com/english/advisories/2011/0441
bugzilla.redhat.com/show_bug.cgi?id=676359
github.com/advisories/GHSA-8m3r-rv5g-fcpq
github.com/django/django
github.com/django/django/commit/1966786d2dde73e17f39cf340eb33fcb5d73904e
github.com/django/django/commit/1f814a9547842dcfabdae09573055984af9d3fab
github.com/django/django/commit/90be6ca20d607977dec234ec972b77b83955749b
github.com/django/django/commit/a9cf3d23724ff6918103e86aa863eadd1fab811d
nvd.nist.gov/vuln/detail/CVE-2011-0697
Related
5.2 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
70.3%