Lucene search

K

GoogleOSV:PYSEC-2016-2

HistoryAug 05, 2016 - 3:59 p.m.

PYSEC-2016-2

2016-08-0515:59:00

Google

osv.dev

10

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.

CPENameOperatorVersion
djangoeq1.8.1
djangoeq1.4.18
djangoeq1.5.6
djangoeq1.7.3
djangoeq1.8.4
djangoeq1.5.1
djangoeq1.8c1
djangoeq1.4.7
djangoeq1.7.11
djangoeq1.7.4

Rows per page:

1-10 of 1131

References

packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html

rhn.redhat.com/errata/RHSA-2016-1594.html

rhn.redhat.com/errata/RHSA-2016-1595.html

rhn.redhat.com/errata/RHSA-2016-1596.html

seclists.org/fulldisclosure/2016/Jul/53

www.debian.org/security/2016/dsa-3622

www.securityfocus.com/archive/1/538947/100/0/threaded

www.securityfocus.com/bid/92058

www.securitytracker.com/id/1036338

www.ubuntu.com/usn/USN-3039-1

www.vulnerability-lab.com/get_content.php?id=1869

github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158

github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d

lists.fedoraproject.org/archives/list/[email protected]/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/

lists.fedoraproject.org/archives/list/[email protected]/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/

www.djangoproject.com/weblog/2016/jul/18/security-releases/

www.exploit-db.com/exploits/40129/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Related for OSV:PYSEC-2016-2

openvas7 debian3 redhat3 archlinux2 nessus7 cve1 debiancve1 packetstorm1 mageia1 zdt1 prion1 veracode1 redhatcve1 exploitpack1 fedora2 vulnerlab2 ubuntucve1 github1 cvelist1 ubuntu1 osv1 exploitdb1 altlinux2