37 matches found
EUVD-2013-0007
Malware in sbrugna...
python-django: Potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget
A flaw was found in Django. 'urlize', 'urlizetrunc', and 'AdminURLFieldWidget' may be subject to a denial of service attack via certain inputs with a very large number of Unicode characters...
BIT-DJANGO-2024-41991
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters...
SUSE CVE-2024-41991
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters...
CVE-2024-41991
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters...
Django -- multiple vulnerabilities
Django reports: CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat. CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize. CVE-2024-41991: Potential denial-of-service vulnerability in django.utils.html.urlize and AdminURLFieldWidget. CVE-2024-42005:...
Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget
Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...
GHSA-4894-5VQC-6R2R Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget
Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...
CVE-2019-12308
A validation flaw was found in Django's AdminURLFieldWidget. The clickable Current URL link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. An unvalidated value stored in the database, or a value provided as a URL query parameter payload, could...
Security update for python-Django (moderate)
openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2019:1872-1 Rating: moderate References: 1136468 1139945 1142880 1142882 1142883 1142885 Cross-References: CVE-2019-11358 CVE-2019-12308 CVE-2019-12781 CVE-2019-14232 CVE-2019-14233 CVE-2019-14234...
SUSE-SU-2019:2034-1 Security update for python-Django1
This update for python-Django1 fixes the following issues: - CVE-2019-12308: Fixed an improper validation of the clickable 'Current URL' link in AdminURLFieldWidget which could have allowed attackers to perform XSS attacks bsc1136468...
Django AdminURLFieldWidget XSS Vulnerability - Linux
Django is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django";...
Django AdminURLFieldWidget XSS Vulnerability - Windows
Django is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django";...
Django Cross-site Scripting in AdminURLFieldWidget
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...
FreeBSD : Django -- AdminURLFieldWidget XSS (ffc73e87-87f0-11e9-ad56-fcaa147e860e)
Django security releases issued : The clickable 'Current URL' link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in a clickab...
Cross-site Scripting (XSS)
Django is vulnerable to Cross-Site Scripting. The clickable "Current URL" link generated by AdminURLFieldWidget displays the provided value without sanitising the URL. Thus, an attacker could craft a malicious URL to execute arbitrary JavaScript code in the victim's browser...
[ASA-201906-1] python2-django: cross-site scripting
Arch Linux Security Advisory ASA-201906-1 ========================================= Severity: Medium Date : 2019-06-04 CVE-ID : CVE-2019-12308 Package : python2-django Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-970 Summary ======= The package python2-django...
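Added illustration, not Django's code and not taken from any advisory above: a minimal stand-in for the "Currently:" link that AdminURLFieldWidget renders, written to show that the two AdminURLFieldWidget XSS entries on this page are two different defects. The 2013 widget XSS (GHSA-4894-5VQC-6R2R) was a missing-escaping bug: the URLField value went into the markup verbatim, so an attribute breakout worked. CVE-2019-12308 is different: output escaping was present, but the value was never validated as a safe URL, so a stored or query-string `javascript:` value still produced a live link even though it contains no HTML-special characters. The sample values are constructed, and `is_safe_url` with its scheme allowlist is this example's own check, not Django's `URLValidator`.

```python
import re
from html import escape
from urllib.parse import urlsplit

# Constructed sample values an attacker could store in a URLField or supply as a
# query-string payload to the admin change form.
ATTRIBUTE_BREAKOUT = '"><script>alert(1)</script>'      # defeats only an unescaped renderer
JAVASCRIPT_SCHEME = "javascript:alert(document.domain)"  # survives escaping; no special chars
BENIGN = "https://example.com/path?q=1"

# Example's own allowlist (assumption: the schemes a "Current URL" link should ever carry).
ALLOWED_SCHEMES = ("http", "https", "ftp", "ftps")


def render_unescaped(value):
    """2013-style weakness: the value is interpolated into the markup verbatim."""
    return f'<p>Currently: <a href="{value}">{value}</a></p>'


def render_escaped_only(value):
    """2019-style weakness: escaping stops attribute breakout, but the scheme is
    never checked, so a javascript: value is still a clickable link."""
    v = escape(value, quote=True)
    return f'<p>Currently: <a href="{v}">{v}</a></p>'


def is_safe_url(value):
    """Scheme allowlist plus a host requirement; rejects javascript:, data:,
    scheme-relative (//host) and empty values. Not Django's URLValidator."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_hardened(value):
    """Escape on output AND emit the anchor only when the value validates as a
    safe URL; otherwise show the escaped text without a link."""
    v = escape(value, quote=True)
    if is_safe_url(value):
        return f'<p>Currently: <a href="{v}">{v}</a></p>'
    return f"<p>Currently: {v}</p>"


def href_of(html):
    """Return the first href attribute value in the rendered markup, or None."""
    m = re.search(r'href="([^"]*)"', html)
    return m.group(1) if m else None


if __name__ == "__main__":
    for label, fn in (("unescaped", render_unescaped),
                      ("escaped only", render_escaped_only),
                      ("hardened", render_hardened)):
        print(f"--- {label}")
        for value in (ATTRIBUTE_BREAKOUT, JAVASCRIPT_SCHEME, BENIGN):
            print(fn(value))
```

The point the advisories make, in code: HTML escaping and URL validation are separate controls. Escaping neutralises characters that break out of the attribute, which is all that was missing in 2013; it does nothing against `javascript:` or `data:` links, which is why CVE-2019-12308 required the widget to refuse to render the anchor for a value that does not validate as a safe URL rather than trying to sanitise it. Apply the scheme check to the raw value that will be emitted, since the same value stored in the database and supplied in the query string must both be caught.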