11 matches found
EUVD-2020-0068
Malware in sbrugna...
XSS in Django
An issue was discovered in Django version 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
FreeBSD : Django -- multiple vulnerabilities (597d02ce-a66c-11ea-af32-080027846a02)
Django security release reports : CVE-2020-13254: Potential data leakage via malformed memcached keys In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability,...
[SECURITY] [DLA 2233-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u9 CVE IDs : CVE-2020-13254 CVE-2020-13596 It was discovered that there were two issues in Django, the Python web development framework: CVE-2020-13254: Potential a data leakage via malformed memcached keys. In cases where a memcached backend does no...
DEBIAN-CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
PYSEC-2020-32
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
Design/Logic Flaw
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
PYSEC-2020-32
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
PT-2020-5464 · Django +3 · Django +3
Name of the Vulnerable Software and Affected Versions: Django versions 2.2 before 2.2.13 Django versions 3.0 before 3.0.7 Description: An issue in the Django admin ForeignKeyRawIdWidget allows for a possibility of an XSS attack due to query parameters not being properly URL encoded. This could...