Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2022/05/01 11:48 p.m.14 views

Django Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request...

4.3CVSS5.9AI score0.01312EPSS
Exploits0References12Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/01 12:0 a.m.16 views

Django Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request...

4.3CVSS5.2AI score0.01312EPSS
Exploits0References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/11/21 12:0 a.m.29 views

RHEL 6 : luci (RHSA-2013:1603)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:1603 advisory. Luci is a web-based high availability administration application. A flaw was found in the way the luci service was initialized. If a system...

6.2CVSS5.9AI score0.00378EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2013/06/28 12:0 a.m.24 views

GroundWork Monitor Enterprise Foundation Webapp Admin Interface Authentication Bypass

The remote host has a version of GroundWork Monitor Enterprise installed that has a poorly protected administration application. By sending a specially crafted HTTP request, it is possible for a remote attacker to access the Foundation Webapp Admin Interface without logging in. Note that installs...

7.5CVSS5.5AI score0.03211EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.25 views

Scientific Linux Security Update : conga on SL5.x i386/x86_64

A privilege escalation flaw was found in luci, the Conga web-based administration application. A remote attacker could possibly use this flaw to obtain administrative access, allowing them to read, create, or modify the content of the luci application. CVE-2011-0720 %NASLMINLEVEL 70300 C Tenable...

7.5CVSS5.3AI score0.03171EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2010/11/16 12:0 a.m.16 views

Fedora Update for luci FEDORA-2010-16601

Check for the Version of luci OpenVAS Vulnerability Test Fedora Update for luci FEDORA-2010-16601 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

6.4CVSS6.4AI score0.02002EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2008/09/04 5:41 p.m.16 views

CVE-2008-3909

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete or modify data via unspecified requests...

5.8CVSS6AI score0.00931EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2008/05/16 12:0 a.m.20 views

FreeBSD : django -- XSS vulnerability (f49ba347-2190-11dd-907c-001c2514716c)

Django project reports : The Django administration application will, when accessed by a user who is not sufficiently authenticated, display a login form and ask the user to provide the necessary credentials before displaying the requested page. This form will be submitted to the URL the user...

4.3CVSS5AI score0.01312EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2008/05/15 12:0 a.m.499 views

Django Administration Application Login Form XSS

The remote host is using Django, a high-level Python web framework designed for rapid development of database-driven websites. The administration application included with the version of Django installed on the remote host fails to sanitize the URL before using it to generate dynamic HTML output...

4.3CVSS5.8AI score0.01312EPSS
Exploits0References2
Rows per page
Query Builder