Описание
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.4.1-1 |
| hardy | ignored | end of life |
| lucid | released | 1.1.1-2ubuntu1.5 |
| natty | released | 1.2.5-1ubuntu1.2 |
| oneiric | released | 1.3-2ubuntu1.3 |
| precise | released | 1.3.1-4ubuntu1.2 |
| upstream | released | 1.3.2,1.4.1 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpRespo ...
EPSS
4.3 Medium
CVSS2