Lucene search
K

55 matches found

ATTACKERKB
ATTACKERKB
added 2017/09/07 1:29 p.m.4 views

CVE-2017-12794

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

6.1CVSS5.1AI score0.23566EPSS
Exploits0References8
OSV
OSV
added 2017/09/07 1:29 p.m.19 views

CVE-2017-12794

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

6.1CVSS5.9AI score0.23566EPSS
Exploits0References4
OSV
OSV
added 2017/09/07 1:29 p.m.2 views

ALPINE-CVE-2017-12794

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

6.1CVSS6.1AI score0.23566EPSS
Exploits0References1
OSV
OSV
added 2017/09/07 1:29 p.m.1 views

DEBIAN-CVE-2017-12794

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

6.1CVSS6.1AI score0.23566EPSS
Exploits0References1
PyPA
PyPA
added 2017/09/07 1:29 p.m.6 views

PYSEC-2017-44

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

6.1CVSS6.1AI score0.23566EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2017/09/07 1:0 p.m.64 views

CVE-2017-12794

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

6.1CVSS6.1AI score0.23566EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/09/07 12:0 a.m.54 views

FreeBSD : Django -- possible XSS in traceback section of technical 500 debug page (aaab03be-932d-11e7-92d8-4b26fc968492)

Django blog : In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG =...

6.1CVSS5.9AI score0.23566EPSS
Exploits0References3
Veracode
Veracode
added 2017/09/06 6:13 a.m.21 views

Cross-site Scripting (XSS)

Django is vulnerable to cross-site scripting XSS attacks. The library disabled HTML escaping in the 500 debug page template, allowing a malicious user to inject and execute arbitrary webscript...

6.1CVSS6.1AI score0.23566EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2017/09/05 12:0 a.m.5 views

PT-2017-3841

Name of the Vulnerable Software and Affected Versions Django versions 1.10.x through 1.10.7 Django versions 1.11.x through 1.11.4 Description The issue is related to the disabling of HTML autoescaping in a portion of the template for the technical 500 debug page in Django. This could allow a...

7.5CVSS6.6AI score0.25327EPSS
Exploits0References128
FreeBSD
FreeBSD
added 2017/09/05 12:0 a.m.29 views

Django -- possible XSS in traceback section of technical 500 debug page

Django blog: In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG =...

6.1CVSS6.3AI score0.23566EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/03/03 12:0 a.m.10 views

MyBB < 1.6.10 Multiple Vulnerabilities

Binary data 9119.prm...

7.3AI score
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

DB4Web 3.4/3.6 Connection Proxy Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5725/info DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms. ...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/07/22 12:0 a.m.30 views

MyBB < 1.6.10 Multiple Vulnerabilities

According to its version number, the MyBB install hosted on the remote web server is affected by multiple vulnerabilities : - A SQL injection vulnerability exists due to improper sanitization of user-supplied input during database optimization. - A SQL injection vulnerability exists due to improp...

5.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.21 views

DB4Web TCP relay

DB4Web debug page allows anybody to scan other machines. You may be held for responsible. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.3AI score
Exploits0
exploitpack
exploitpack
added 2002/09/17 12:0 a.m.15 views

DB4Web 3.43.6 - Connection Proxy

DB4Web 3.43.6 - Connection Proxy source: https://www.securityfocus.com/bid/5725/info DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms. B...

Exploits0
Rows per page
Query Builder