5.2 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
70.3%
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html
lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html
openwall.com/lists/oss-security/2011/02/09/6
www.debian.org/security/2011/dsa-2163
www.djangoproject.com/weblog/2011/feb/08/security
www.mandriva.com/security/advisories?name=MDVSA-2011:031
www.ubuntu.com/usn/USN-1066-1
www.vupen.com/english/advisories/2011/0372
www.vupen.com/english/advisories/2011/0388
www.vupen.com/english/advisories/2011/0429
www.vupen.com/english/advisories/2011/0439
www.vupen.com/english/advisories/2011/0441
bugzilla.redhat.com/show_bug.cgi?id=676359
github.com/advisories/GHSA-8m3r-rv5g-fcpq
github.com/django/django
github.com/django/django/commit/1966786d2dde73e17f39cf340eb33fcb5d73904e
github.com/django/django/commit/1f814a9547842dcfabdae09573055984af9d3fab
github.com/django/django/commit/90be6ca20d607977dec234ec972b77b83955749b
github.com/django/django/commit/a9cf3d23724ff6918103e86aa863eadd1fab811d
nvd.nist.gov/vuln/detail/CVE-2011-0697