PYSEC-2008-1

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2008-1.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2008-1

Aliases

CVE-2008-2302
GHSA-54qj-48vx-cr9f

Published

2008-05-23T15:32:00Z

Modified

2023-11-01T04:43:50.415730Z

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.

References

http://www.djangoproject.com/weblog/2008/may/14/security/
http://www.securityfocus.com/bid/29209
http://securitytracker.com/id?1020028
http://secunia.com/advisories/30250
http://secunia.com/advisories/30291
http://www.vupen.com/english/advisories/2008/1618
https://exchange.xforce.ibmcloud.com/vulnerabilities/42396

Affected packages

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.0.4