3 matches found
SUSE CVE-2016-2512
The utils.http.issafeurl function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting XSS attacks via a URL containing basic authentication, as demonstrated by...
PT-2017-17595
Name of the Vulnerable Software and Affected Versions Django versions 1.10 before 1.10.7 Django versions 1.9 before 1.9.13 Django versions 1.8 before 1.8.18 Description The issue relies on user input to redirect the user to an "on success" URL. The security check for these redirects, namely...
DEBIAN-CVE-2015-0220
The django.util.http.issafeurl function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted URL, related to redirect URLs, as demonstrated by a...