3 matches found
SUSE CVE-2016-2512
The utils.http.issafeurl function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting XSS attacks via a URL containing basic authentication, as demonstrated by...
PT-2017-17595 · Django +2 · Django +2
Name of the Vulnerable Software and Affected Versions: Django versions 1.10 before 1.10.7 Django versions 1.9 before 1.9.13 Django versions 1.8 before 1.8.18 Description: The issue relies on user input to redirect the user to an "on success" URL. The security check for these redirects, namely...
DEBIAN-CVE-2015-0220
The django.util.http.issafeurl function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted URL, related to redirect URLs, as demonstrated by a...