CVE-2008-2302

Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:django_project:django:0.91:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-05-23 15:32

Updated : 2024-02-28 11:21


NVD link : CVE-2008-2302

Mitre link : CVE-2008-2302

CVE.ORG link : CVE-2008-2302


JSON object : View

Products Affected

django_project

  • django
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')