Lucene search

K

GoogleOSV:GHSA-C8C8-9472-W52H

HistoryMay 14, 2022 - 2:46 a.m.

Django Cross-site scripting Vulnerability

2022-05-1402:46:13

Google

osv.dev

8

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.4%

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.

CPENameOperatorVersion
djangoeq1.4.9
djangoeq1.2
djangoeq1.7.4
djangoeq1.7.7
djangoeq1.4.8
djangoeq1.7.9
djangoeq1.8.7
djangoeq1.3.1
djangoeq1.6.9
djangoeq1.4.4

Rows per page:

1-10 of 1131

References

packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html

rhn.redhat.com/errata/RHSA-2016-1594.html

rhn.redhat.com/errata/RHSA-2016-1595.html

rhn.redhat.com/errata/RHSA-2016-1596.html

seclists.org/fulldisclosure/2016/Jul/53

www.debian.org/security/2016/dsa-3622

www.ubuntu.com/usn/USN-3039-1

www.vulnerability-lab.com/get_content.php?id=1869

github.com/django/django

github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1

github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158

github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d

lists.fedoraproject.org/archives/list/[email protected]/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ

lists.fedoraproject.org/archives/list/[email protected]/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW

nvd.nist.gov/vuln/detail/CVE-2016-6186

web.archive.org/web/20201022155237/www.securityfocus.com/archive/1/538947/100/0/threaded

web.archive.org/web/20210123154652/www.securityfocus.com/bid/92058

web.archive.org/web/20211204042848/www.securitytracker.com/id/1036338

www.djangoproject.com/weblog/2016/jul/18/security-releases

www.exploit-db.com/exploits/40129

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.4%

Related for OSV:GHSA-C8C8-9472-W52H

debian3 nessus7 packetstorm1 redhat3 openvas7 mageia1 fedora2 archlinux2 github1 vulnerlab2 ubuntucve1 cve1 debiancve1 osv1 zdt1 prion1 veracode1 exploitpack1 redhatcve1 cvelist1 ubuntu1 exploitdb1 altlinux2