Lucene search
K

5 matches found

Debian CVE
Debian CVE
added 2013/10/04 5:0 p.m.27 views

CVE-2013-4249

Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...

4.3CVSS5.5AI score0.0288EPSS
Exploits2
CVE
CVE
added 2013/10/04 5:0 p.m.69 views

CVE-2013-4249

CVE-2013-4249 affects Django’s AdminURLFieldWidget in contrib/admin/widgets.py, enabling XSS via URLField input. The issue is in Django 1.5.x prior to 1.5.2 and 1.6.x prior to 1.6 beta 2, where user-supplied URLs can inject script/HTML. In the connected records, upstream Django issued security re...

4.3CVSS5.5AI score0.0288EPSS
Exploits2References8Affected Software1
seebug.org
seebug.org
added 2013/08/27 12:0 a.m.57 views

Django is_safe_url() 跨站脚本 和 URLField 脚本插入漏洞

CVECAN ID: CVE-2013-4249 Django是Python编程语言驱动的一个开源Web应用程序框架。 Django 1.4、1.5没有正确过滤django.contrib.admin的URLField字段、django.utils.http.issafeurl函数utils/http.py 的URL重定向相关输入没有被正确过滤,可被利用插入任意HTML和脚本代码,导致这些恶意代码被查看时,会在受影响站点上下文的浏览器会话中执行。 0 Django 1.4.x 厂商补丁: Django ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

4.3CVSS6.3AI score0.0288EPSS
Exploits2
OpenVAS
OpenVAS
added 2013/08/23 12:0 a.m.25 views

Fedora Update for python-django FEDORA-2013-14797

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.5AI score0.0288EPSS
Exploits2References2
Mageia
Mageia
added 2013/08/22 6:13 p.m.54 views

Updated python-django packages fix CVE-2013-4249

Updated python-django package fixes security vulnerability: The issafeurl function has been modified to properly recognize and reject URLs which specify a scheme other than HTTP or HTTPS, to prevent cross-site scripting attacks through redirecting to other schemes, such as javascript. CVE-2013-42...

4.3CVSS0.4AI score0.0288EPSS
Exploits2References2
Rows per page
Query Builder