Lucene search
K

8 matches found

Nuclei
Nuclei
added yesterday95 views

Django Debug Page - Cross-Site Scripting

Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...

6.1CVSS6.6AI score0.23566EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2018/10/26 12:0 a.m.82 views

Ubuntu: Security Advisory (USN-3559-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.23566EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/03/27 12:0 a.m.70 views

openSUSE Security Update : python3-Django (openSUSE-2018-318)

This update for python3-Django to version 1.18.18 fixes multiple issues. Security issues fixed : - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. bsc1083305 - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters bsc1083304. -...

9.8CVSS6.1AI score0.23566EPSS
Exploits9References22
OSV
OSV
added 2018/03/07 1:14 p.m.8 views

OPENSUSE-SU-2018:0632-1 Security update for python-Django

This update for python-Django fixes the following issues: Update to version 1.11.10 LTS Fixes CVE-2018-6188 boo1077714, CVE-2017-7234, CVE-2017-7233, CVE-2017-12794...

7.5CVSS6.8AI score0.23566EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2018/02/08 12:0 a.m.24 views

Ubuntu 17.10 : python-django vulnerabilities (USN-3559-1)

It was discovered that Django incorrectly handled certain requests. An attacker could possibly use this to access sensitive information. CVE-2017-12794, CVE-2018-6188. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory...

7.5CVSS6.4AI score0.23566EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2018/02/07 12:38 p.m.73 views

USN-3559-1: Django vulnerabilities

It was discovered that Django incorrectly handled certain requests. An attacker could possibly use this to access sensitive information. CVE-2017-12794, CVE-2018-6188...

7.5CVSS6.5AI score0.23566EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/09/15 12:0 a.m.30 views

Fedora 26 : python-django (2017-8614a6e905)

fix CVE-2017-12794 rhbz1488764 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

6.1CVSS6.3AI score0.23566EPSS
Exploits0References2
CVE
CVE
added 2017/09/07 1:0 p.m.213 views

CVE-2017-12794

CVE-2017-12794 affects Django 1.10.x before 1.10.8 and Django 1.11.x before 1.11.5. The issue: HTML autoescaping is disabled in a portion of the technical 500 debug page, which under the right conditions (eg, DEBUG=True) enables a cross-site scripting attack. Impact as described: an attacker coul...

6.1CVSS5.8AI score0.23566EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder