2 matches found
GHSA-WQJJ-HX84-V449 Django Vulnerable to MySQL Injection
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...
Cross-site Scripting (XSS)
facturascripts is vulnerable to cross-site scripting. An attacker is able to inject malicious code via model fields, allowing them to steal the user's cookie, perform HTTP requests, read the content of same-origin pages, and so on...