14 matches found
Astra Linux - vulnerability in python-django
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, as well as the AdminURLFieldWidget widget, are susceptible to a potential denial-of-service attack due to certain inputs containing a very large number of Unicode characters...
PT-2025-41681
Name of the Vulnerable Software and Affected Versions: Page Blocks plugin for WordPress, versions prior to 1.1.1. Description: The software is susceptible to Cross-Site Request Forgery (CSRF). This is a result of inadequate or missing nonce validation within the admin process widget page change functio...
OESA-2024-2003 python-django security update
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with ...
Profile Box Shortcode And Widget < 1.2.1 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). PoC: When creating a new widget, insert...
CVE-2020-26623
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the AdministrationWidget tab after the login portal...
SUSE CVE-2018-16984
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1)...
SUSE CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
GHSA-2M34-JCJV-45XF XSS in Django
An issue was discovered in Django version 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
USN-4381-2 python-django vulnerabilities
USN-4381-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of...
CVE-2020-13596
A flaw was found in Django, where the query parameters for the admin widget ForeignKeyRawIdWidget were not properly URL encoded. This flaw allows an attacker to perform a Cross-site scripting (XSS) attack. The highest threat from this vulnerability is to confidentiality...
PYSEC-2020-32
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
USN-4381-1 python-django vulnerabilities
Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. CVE-2020-13254 Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin...
CVE-2018-17884
XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook gwolle-gb plugin before 2.5.4 for WordPress via the PATHINFO to wp-admin/index.php...
PYSEC-2013-19
Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...