Vulnerability Details CVE-2008-2302
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/30250
- http://secunia.com/advisories/30291
- http://securitytracker.com/id?1020028
- http://www.djangoproject.com/weblog/2008/may/14/security/
- http://www.securityfocus.com/bid/29209
- http://www.vupen.com/english/advisories/2008/1618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
- http://secunia.com/advisories/30250
- http://secunia.com/advisories/30291
- http://securitytracker.com/id?1020028
- http://www.djangoproject.com/weblog/2008/may/14/security/
- http://www.securityfocus.com/bid/29209
- http://www.vupen.com/english/advisories/2008/1618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
Products affected by CVE-2008-2302
-
cpe:2.3:a:django_project:django:0.91
-
cpe:2.3:a:django_project:django:0.95
-
cpe:2.3:a:django_project:django:0.96