7 matches found
EUVD-2020-0066
Malware in sbrugna...
CVE-2020-5224
In Django User Sessions django-user-sessions before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However, if the website has an XSS vulnerability, the...
CVE-2020-5224
In Django User Sessions django-user-sessions before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However, if the website has an XSS vulnerability, the...
CVE-2020-5224
In Django User Sessions django-user-sessions before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However, if the website has an XSS vulnerability, the...
CVE-2020-5224 Session key exposure through session list in Django User Sessions
In Django User Sessions django-user-sessions before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However, if the website has an XSS vulnerability, the...
CVE-2020-5224
In Django User Sessions (django-user-sessions) before 1.7.1, the session management views render the session key in HTML, enabling an attacker to exfiltrate the key via an XSS payload in the presence of a vulnerable site. This can lead to session takeover. Affected component: django-user-sessions...
Session key exposure through session list in Django User Sessions
Impact: The views provided by django-user-sessions allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However, if the website has an XSS vulnerability, the session key could be extracted ...