AI Score: 5.7 Medium (confidence: High)
CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
EPSS: 0.004 Low (percentile 72.7%)
It was discovered that Django's CSRF protection exempted requests carrying an
X-Requested-With: XMLHttpRequest header from the token check, on the
assumption that only same-origin JavaScript could set that header. Because a
browser plugin can be made to send custom headers cross-site, an attacker
could use the exemption to perform cross-site request forgery (CSRF) attacks
against a user logged in to a Django site. (CVE-2011-0696)
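The check at issue, modelled as an added example (this is not Django's middleware code; the request dictionary, cookie and field names are simplified stand-ins constructed here). With `exempt_ajax=True` the function reproduces the pre-fix shortcut: the X-Requested-With header alone lets a POST through, so a forged request that arrives with the victim's cookie but no token succeeds. With `exempt_ajax=False` the token is always required, and AJAX callers supply it in the body or in an X-CSRFToken header, which is how upstream resolved the issue.

```python
"""Model of the CSRF check behind CVE-2011-0696 (added illustration)."""
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def csrf_check(request, exempt_ajax):
    """Return True if the request may proceed.

    request: dict with keys 'method', 'headers', 'cookies', 'post'
             (a constructed stand-in for a real request object).
    exempt_ajax: True reproduces the vulnerable behaviour, False the fix.
    """
    if request["method"] in SAFE_METHODS:
        return True
    headers = request["headers"]
    if exempt_ajax and headers.get("X-Requested-With") == "XMLHttpRequest":
        # Vulnerable shortcut: the header is taken as proof of same origin.
        return True
    cookie_token = request["cookies"].get("csrftoken", "")
    # Fixed behaviour: token must come from the form body or a header
    # that only same-origin script can fill with the cookie's value.
    submitted = request["post"].get("csrfmiddlewaretoken") or \
        headers.get("X-CSRFToken", "")
    # Constant-time compare; an empty cookie never matches anything.
    return bool(cookie_token) and hmac.compare_digest(cookie_token, submitted)


def make_request(method, headers=None, cookies=None, post=None):
    return {"method": method, "headers": headers or {},
            "cookies": cookies or {}, "post": post or {}}


# Constructed scenario: the victim holds a CSRF cookie; the attacker's page
# causes a cross-site POST that carries the header (via a plugin able to set
# arbitrary headers) but cannot read the cookie, so it has no token.
VICTIM_TOKEN = secrets.token_hex(16)


def forged_request():
    return make_request(
        "POST",
        headers={"X-Requested-With": "XMLHttpRequest"},
        cookies={"csrftoken": VICTIM_TOKEN},  # browser attaches the cookie
        post={"action": "transfer"})           # no csrfmiddlewaretoken


def legitimate_request():
    return make_request(
        "POST",
        headers={"X-Requested-With": "XMLHttpRequest",
                 "X-CSRFToken": VICTIM_TOKEN},  # same-origin JS read the cookie
        cookies={"csrftoken": VICTIM_TOKEN},
        post={"action": "transfer"})


if __name__ == "__main__":
    print("vulnerable, forged:", csrf_check(forged_request(), exempt_ajax=True))
    print("fixed, forged:    ", csrf_check(forged_request(), exempt_ajax=False))
    print("fixed, legitimate:", csrf_check(legitimate_request(), exempt_ajax=False))
```

The practical consequence for site operators: after upgrading, any AJAX code that relied on the exemption must start sending the token, or its POSTs will be rejected with 403.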
It was discovered that Django's form widgets rendered the name of an
uploaded file back into HTML without escaping it. Since the filename is
supplied by the client, an attacker who could submit an upload with a crafted
name, or trick a user into doing so, could inject script into any page that
re-displays the form. Such cross-site scripting runs in the site's own
origin, so a remote attacker could use it to modify page contents or steal
data scoped to that domain. (CVE-2011-0697)
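A minimal file widget rendered both ways, as an added example that is not Django's widget code (the markup, the `/media/` path and the sample filename are constructed for illustration). The vulnerable rendering interpolates the stored filename raw, so a name containing markup becomes a live `<script>` element; the fixed rendering HTML-escapes it, and the parser then sees only the intended `a` and `input` tags.

```python
"""Uploaded-file name rendering behind CVE-2011-0697 (added illustration)."""
from html import escape
from html.parser import HTMLParser


def render_file_widget(field_name, current_name, escape_name):
    """Render a minimal "current file" widget for a form re-display.

    escape_name=False reproduces the vulnerable rendering, True the fix.
    """
    shown = escape(current_name, quote=True) if escape_name else current_name
    return (f'Currently: <a href="/media/{shown}">{shown}</a> '
            f'<input type="file" name="{escape(field_name, quote=True)}">')


class TagCollector(HTMLParser):
    """Collects the start tags a browser-like parser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(fragment):
    parser = TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags


# Constructed malicious filename: it arrives in the client's
# Content-Disposition header, so the server cannot trust it.
EVIL_NAME = '"><script>alert(document.cookie)</script>'


if __name__ == "__main__":
    for fixed in (False, True):
        html = render_file_widget("attachment", EVIL_NAME, escape_name=fixed)
        print("escaped" if fixed else "raw    ", tags_in(html))
```

Escaping at the point of output is the fix; sanitising or renaming files on upload is a worthwhile extra layer but does not replace it, because the stored name can still reach a template by another route.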
OS | OS version | Architecture | Package | Affected version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | python-django | < 1.1.1-1ubuntu1.2 | UNKNOWN |
Ubuntu | 9.10 | noarch | python-django-doc | < 1.1.1-1ubuntu1.2 | UNKNOWN |
Ubuntu | 10.04 | noarch | python-django | < 1.1.1-2ubuntu1.3 | UNKNOWN |
Ubuntu | 10.04 | noarch | python-django-doc | < 1.1.1-2ubuntu1.3 | UNKNOWN |
Ubuntu | 10.10 | noarch | python-django | < 1.2.3-1ubuntu0.2.10.10.2 | UNKNOWN |
Ubuntu | 10.10 | noarch | python-django-doc | < 1.2.3-1ubuntu0.2.10.10.2 | UNKNOWN |