5 matches found
CVE-2013-4249
Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...
CVE-2013-4249
CVE-2013-4249 affects Django’s AdminURLFieldWidget in contrib/admin/widgets.py, enabling XSS via URLField input. The issue is in Django 1.5.x prior to 1.5.2 and 1.6.x prior to 1.6 beta 2, where user-supplied URLs can inject script/HTML. In the connected records, upstream Django issued security re...
Django is_safe_url() 跨站脚本 和 URLField 脚本插入漏洞
CVECAN ID: CVE-2013-4249 Django是Python编程语言驱动的一个开源Web应用程序框架。 Django 1.4、1.5没有正确过滤django.contrib.admin的URLField字段、django.utils.http.issafeurl函数utils/http.py 的URL重定向相关输入没有被正确过滤,可被利用插入任意HTML和脚本代码,导致这些恶意代码被查看时,会在受影响站点上下文的浏览器会话中执行。 0 Django 1.4.x 厂商补丁: Django ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Fedora Update for python-django FEDORA-2013-14797
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated python-django packages fix CVE-2013-4249
Updated python-django package fixes security vulnerability: The issafeurl function has been modified to properly recognize and reject URLs which specify a scheme other than HTTP or HTTPS, to prevent cross-site scripting attacks through redirecting to other schemes, such as javascript. CVE-2013-42...