16 matches found
RHEL 7 : python-django (RHSA-2016:1595)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1595 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as...
RHEL 7 : python-django (RHSA-2016:1596)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1596 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as...
Security fix for the ALT Linux 10 package python3-module-django version 1.8.15-alt1
Oct. 24, 2016 Alexey Shabalin 1.8.15-alt1 - 1.8.15 - fixed CVE-2016-2512, CVE-2016-2513, CVE-2016-6186, CVE-2016-7401...
Security fix for the ALT Linux 9 package python3-module-django version 1.8.15-alt1
Oct. 24, 2016 Alexey Shabalin 1.8.15-alt1 - 1.8.15 - fixed CVE-2016-2512, CVE-2016-2513, CVE-2016-6186, CVE-2016-7401...
Updated python-django packages fix security vulnerability
It was discovered that Django is prone to a cross-site scripting vulnerability in the admin's add/change related popup (CVE-2016-6186)...
CVE-2016-6186
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors...
CVE-2016-6186
CVE-2016-6186 is an XSS vulnerability in Django (dismissChangeRelatedObjectPopup in RelatedObjectLookups.js) exploitable via unsafe Element.innerHTML usage. Affected Django versions: before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1. Public advisories in ALT Linux, Fedora, Debian show ...
CVE-2016-6186
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors...
Fedora 23 : python-django (2016-97ca9d52a4)
fix CVE-2016-6186 rhbz1357701 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. ...
Fedora 24 : python-django (2016-b7e31a0b9a)
fix CVE-2016-6186 rhbz1357701 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. ...
Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting
Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting Document Title: =============== Django CMS v3.3.0 - Editor Snippet Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1869 Security Release:...
CVE-2016-6186
creationtimestamp | type | source
---|---|---
2016-07-20 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/40129...
CVE-2016-6186
A cross-site scripting (XSS) flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related pop-up. Element.textContent is now used to prevent XSS data execution...
Django 3.3.0 Script Insertion
Document Title: =============== Django CMS v3.3.0 - Editor Snippet Persistent Web Vulnerability CVE-2016-6186 References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1869 Security Release: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/...
[SECURITY] [DSA 3622-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3622-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 18, 2016 https://www.debian.org/security/faq -...
CVE-2016-6186
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors...