Описание
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.7.6-1ubuntu1 |
| esm-infra-legacy/trusty | not-affected | |
| lucid | not-affected | |
| precise | not-affected | |
| trusty | not-affected | |
| trusty/esm | not-affected | |
| upstream | released | 1.7.6-1 |
| utopic | not-affected |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
Cross-site scripting (XSS) vulnerability in the contents function in a ...
EPSS
4.3 Medium
CVSS2