Count: 8
GHSA-9r8w-6x8c-6jr9
Django vulnerable to XSS on 500 pages

CVE-2017-12794
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.

CVE-2017-12794
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoesca ...

BDU:2019-04056
A vulnerability in the HTML auto-escaping function of the Django library for the Python programming language that allows an attacker to carry out cross-site scripting attacks

openSUSE-SU-2018:0826-1
Security update for python-Django

openSUSE-SU-2018:0824-1
Security update for python3-Django
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-9r8w-6x8c-6jr9 Django vulnerable to XSS on 500 pages | CVSS3: 6.1 | 17% Medium | more than 6 years ago
CVE-2017-12794 In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings. | CVSS3: 6.1 | 17% Medium | almost 8 years ago
CVE-2017-12794 In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings. | CVSS3: 4 | 17% Medium | almost 8 years ago
CVE-2017-12794 In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings. | CVSS3: 6.1 | 17% Medium | almost 8 years ago
CVE-2017-12794 In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoesca ... | CVSS3: 6.1 | 17% Medium | almost 8 years ago
BDU:2019-04056 A vulnerability in the HTML auto-escaping function of the Django library for the Python programming language that allows an attacker to carry out cross-site scripting attacks | CVSS3: 6.1 | 17% Medium | almost 8 years ago
openSUSE-SU-2018:0826-1 Security update for python-Django | | | about 7 years ago
openSUSE-SU-2018:0824-1 Security update for python3-Django | | | about 7 years ago