Lucene search
K

5 matches found

OSV
OSV
added 2022/05/17 12:23 a.m.25 views

GHSA-9CWG-MHXF-HH59 Django cross-site scripting (XSS) vulnerability via is_safe_url function

The issafeurl function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting XSS or other vulnerabilities into Django applications that use this function, a...

6.1CVSS5.4AI score0.02297EPSS
Exploits0References13
Prion
Prion
added 2013/10/04 5:55 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...

4.3CVSS6AI score0.0288EPSS
Exploits2References8Affected Software1
OSV
OSV
added 2013/10/04 5:55 p.m.34 views

PYSEC-2013-21

The issafeurl function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting XSS or other vulnerabilities into Django applications that use this function, a...

4.3CVSS0.6AI score0.02297EPSS
Exploits0References14
Debian CVE
Debian CVE
added 2013/10/04 5:0 p.m.18 views

CVE-2013-4249

Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...

4.3CVSS5.5AI score0.0288EPSS
Exploits2
CVE
CVE
added 2013/10/04 5:0 p.m.69 views

CVE-2013-4249

CVE-2013-4249 affects Django’s AdminURLFieldWidget in contrib/admin/widgets.py, enabling XSS via URLField input. The issue is in Django 1.5.x prior to 1.5.2 and 1.6.x prior to 1.6 beta 2, where user-supplied URLs can inject script/HTML. In the connected records, upstream Django issued security re...

4.3CVSS5.5AI score0.0288EPSS
Exploits2References8Affected Software1
Rows per page
Query Builder