CVE-2008-2302

Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:django_project:django:0.91:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:*

History

21 Nov 2024, 00:46

Type Values Removed Values Added
References () http://secunia.com/advisories/30250 - Patch, Vendor Advisory () http://secunia.com/advisories/30250 - Patch, Vendor Advisory
References () http://secunia.com/advisories/30291 - () http://secunia.com/advisories/30291 -
References () http://securitytracker.com/id?1020028 - () http://securitytracker.com/id?1020028 -
References () http://www.djangoproject.com/weblog/2008/may/14/security/ - Patch () http://www.djangoproject.com/weblog/2008/may/14/security/ - Patch
References () http://www.securityfocus.com/bid/29209 - Patch () http://www.securityfocus.com/bid/29209 - Patch
References () http://www.vupen.com/english/advisories/2008/1618 - () http://www.vupen.com/english/advisories/2008/1618 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/42396 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/42396 -

Information

Published : 2008-05-23 15:32

Updated : 2024-11-21 00:46


NVD link : CVE-2008-2302

Mitre link : CVE-2008-2302

CVE.ORG link : CVE-2008-2302


JSON object : View

Products Affected

django_project

  • django
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')