5 matches found
SUSE CVE-2017-7233
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects namely django.utils.http.issafeurl considered some numeric URLs "safe" when they shouldn't be, aka an open...
Open Redirect And Cross-site Scripting (XSS)
django is vulnerable to open redirect and cross-site scripting XSS attacks.The library's security check for redirects considers certain numeric URLs as safe, allowing a malicious user to cause an open redirect or cross-site scripting attack via URL linking...
GHSA-37HP-765X-J95X Django open redirect and possible XSS attack via user-supplied numeric redirect URLs
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects namely django.utils.http.issafeurl considered some numeric URLs "safe" when they shouldn't be, aka an open...
Django open redirect and possible XSS attack via user-supplied numeric redirect URLs
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects namely django.utils.http.issafeurl considered some numeric URLs "safe" when they shouldn't be, aka an open...
Open Redirect And Cross-site Scripting (XSS)
django is vulnerable to open redirect and cross-site scripting XSS attacks.The library's security check for redirects considers certain numeric URLs as safe, allowing a malicious user to cause an open redirect or cross-site scripting attack via URL linking...