Описание
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.8.7-1ubuntu6 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/xenial | not-affected | 1.8.7-1ubuntu5.1 |
| precise | not-affected | code not present |
| trusty | not-affected | code not present |
| trusty/esm | not-affected | code not present |
| upstream | released | 1.9.8, 1.8.14 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | not-affected | code not present |
Показывать по
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedOb ...
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3