Safety vulnerability ID: 35291
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
https://www.djangoproject.com/weblog/2008/may/14/security
Latest version: 5.1.3
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
CONFIRM: http://www.djangoproject.com/weblog/2008/may/14/security/
BID:29209: http://www.securityfocus.com/bid/29209
SECUNIA:30291: http://secunia.com/advisories/30291
VUPEN:ADV-2008-1618: http://www.vupen.com/english/advisories/2008/1618
SECTRACK:1020028: http://securitytracker.com/id?1020028
SECUNIA:30250: http://secunia.com/advisories/30250
XF:django-loginform-xss(42396): https://exchange.xforce.ibmcloud.com/vulnerabilities/42396