Django@1.9.0 Security Vulnerabilities and Issues — Django@1.9.0 CVE List

Lucene search

DjangoprojectDjango1.9.0

3 matches found

CVE•added 2016/08/05 3:59 p.m.•403 views

CVE-2016-6186

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors i...

6.1CVSS5.9AI score0.13095EPSS

CVE•added 2016/10/03 6:59 p.m.•399 views

CVE-2016-7401

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

7.5CVSS7.5AI score0.06628EPSS

CVE•added 2015/12/07 8:59 p.m.•85 views

CVE-2015-8213

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.

5CVSS6.1AI score0.02962EPSS