5 matches found
Open edX Platform Cross-Site Scripting Vulnerability
The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs (Massive Open Online Courses) as well as smaller courses and training modules. The Open edX Platform has a cross-site scripting vulnerability. This vulnerability arises from the...
PT-2026-4843
Name of the Vulnerable Software and Affected Versions: MobSF versions prior to 4.4.5. Description: MobSF, a mobile application security testing tool, contains a Stored Cross-site Scripting (XSS) vulnerability in its Android manifest analysis feature. This flaw allows an attacker to execute arbitrary...
SUSE CVE-2016-2512
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by...
PT-2017-17595 · Django +2
Name of the Vulnerable Software and Affected Versions: Django versions 1.10 before 1.10.7; Django versions 1.9 before 1.9.13; Django versions 1.8 before 1.8.18. Description: The issue relies on user input to redirect the user to an "on success" URL. The security check for these redirects, namely...
DEBIAN-CVE-2015-0220
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a...