Metric | Value |
---|---|
CVSS3 | 6.1 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
AI Score | 7.1 High (Confidence: Low) |
EPSS | 0.001 Low (Percentile: 20.6%) |

django_grappelli is vulnerable to Open Redirect. The library attempts to prevent external redirection with a `startswith("/")` check, but this does not block protocol-relative URLs (e.g., //example.com), which allows a remote attacker to gain confidential information via `views/switch.py`.

CPE | Name | Operator | Version |
---|---|---|---|
 | django-grappelli | le | 2.15.1 |
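
The gap described above, shown as an added example that is not django-grappelli's own code: `weak_is_local` mirrors the leading-slash check the advisory describes, and `strict_is_local` is one possible hardened replacement. All function names and sample inputs are constructed for illustration.

```python
from urllib.parse import urlsplit


def weak_is_local(target: str) -> bool:
    """Leading-slash test as described in the advisory (hypothetical name)."""
    return target.startswith("/")


def strict_is_local(target: str) -> bool:
    """Accept only same-site paths (hypothetical hardened check)."""
    if not target.startswith("/"):
        return False
    # Reject whitespace and control characters rather than guess how a
    # client will normalize them.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in target):
        return False
    # Treat backslashes as slashes so both spellings get the same verdict.
    normalized = target.replace("\\", "/")
    # "//host/..." is protocol-relative: the browser leaves the current site.
    if normalized.startswith("//"):
        return False
    parts = urlsplit(normalized)
    return parts.scheme == "" and parts.netloc == ""


def safe_redirect_target(target: str, fallback: str = "/") -> str:
    """Return the target only if it is a local path, else the fallback."""
    return target if strict_is_local(target) else fallback


def audit(samples):
    """Return (target, weak verdict, strict verdict) for each sample."""
    return [(s, weak_is_local(s), strict_is_local(s)) for s in samples]


# Constructed sample inputs, not taken from the project or the advisory
# (apart from the advisory's own //example.com illustration).
SAMPLES = [
    "/admin/auth/user/?page=2",   # ordinary local path
    "//example.com",              # protocol-relative URL from the advisory
    "https://example.com/",       # absolute URL
    "",                           # missing parameter
]

if __name__ == "__main__":
    for target, weak, strict in audit(SAMPLES):
        print(f"{target!r:32} weak={weak!s:5} strict={strict}")
```

In a Django project, `django.utils.http.url_has_allowed_host_and_scheme` provides this kind of validation and can be called with the request's host as the only allowed host.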