CVE-2008-2302 – django

Package

Manager: pip
Name: django
Vulnerable Version: >=0.91 <0.91.2 || >=0.95 <0.95.3 || >=0.96 <0.96.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00441 pctl0.62308

Details

Django Cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.

Metadata

Created: 2022-05-01T23:48:43Z
Modified: 2024-09-16T21:53:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-54qj-48vx-cr9f/GHSA-54qj-48vx-cr9f.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-54qj-48vx-cr9f
Finding: F425
Auto approve: 1