Описание
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-django | fixed | 1.2.5-1 | package | |
| python-django | not-affected | lenny | package | |
| python-django | fixed | 1.2.3-3+squeeze1 | squeeze | package |
Примечания
http://www.djangoproject.com/weblog/2011/feb/08/security/
EPSS
Процентиль: 86%
0.02962
Низкий
Связанные уязвимости
ubuntu
больше 14 лет назад
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
nvd
больше 14 лет назад
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
EPSS
Процентиль: 86%
0.02962
Низкий