(RHSA-2016:1595) Moderate: python-django security update

2016-08-11T03:57:56
ID RHSA-2016:1595
Type redhat
Reporter RedHat
Modified 2018-03-19T16:27:18

Description

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

Security Fix(es):

  • A cross-site scripting (XSS) flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution. (CVE-2016-6186)
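A small audit check for the sink named in this fix, as an added example (not Red Hat's or Django's code): it flags assignments to `innerHTML` whose value is not a constant string, the pattern the fix replaced with `textContent`. The function name `findInnerHtmlSinks`, the sample function names and the sample source are constructed for illustration, and the line-based matching is a heuristic rather than a full JavaScript parser.

```javascript
// Matches `<expr>.innerHTML = value` and `+=`, but not `==` / `===` comparisons.
const SINK = /\.innerHTML\s*\+?=(?!=)\s*(.+?);?\s*$/;
// A right-hand side that is exactly one quoted string literal carries no data.
const LITERAL = /^(?:'[^'\\]*(?:\\.[^'\\]*)*'|"[^"\\]*(?:\\.[^"\\]*)*")$/;

// Returns [{ line, expr }] for every innerHTML assignment fed by a variable
// or a concatenation, i.e. places where data could be parsed as markup.
function findInnerHtmlSinks(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    // Heuristic: drop `//` line comments (would also cut a `//` inside a string).
    const code = text.replace(/\/\/.*$/, '');
    const m = SINK.exec(code);
    if (m && !LITERAL.test(m[1].trim())) {
      findings.push({ line: i + 1, expr: m[1].trim() });
    }
  });
  return findings;
}

// Constructed sample: hypothetical popup handlers in their before/after forms,
// plus two lines that must not be reported.
const SAMPLE = [
  "function dismissPopupBefore(option, newRepr) {",
  "  option.innerHTML = newRepr;        // label parsed as markup",
  "}",
  "function dismissPopupAfter(option, newRepr) {",
  "  option.textContent = newRepr;      // label kept as literal text",
  "}",
  "placeholder.innerHTML = '';          // constant string, not flagged",
  "if (box.innerHTML === cached) { refresh(); }",
].join('\n');

for (const f of findInnerHtmlSinks(SAMPLE)) {
  console.log(`line ${f.line}: innerHTML assigned from ${f.expr}`);
}
```

Each finding still needs a manual look: the value may already be escaped, or the code may need markup and require a sanitizer instead of `textContent`.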

Red Hat would like to thank the upstream Django project for reporting this issue.