CVE Vulnerability

CVE-2008-2302

Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.djangoproject.com/weblog/2008/may/14/security/ Patch
http://www.securityfocus.com/bid/29209 Patch
http://securitytracker.com/id?1020028
http://secunia.com/advisories/30250 Patch Vendor Advisory
http://secunia.com/advisories/30291
http://www.vupen.com/english/advisories/2008/1618
https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
Configurations

Configuration 1

cpe:2.3:a:django_project:django:0.91:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
Information

Published : 2008-05-23 03:32

Updated : 2017-08-08 01:30

NVD link : CVE-2008-2302

Mitre link : CVE-2008-2302

Products Affected
No products.
CWE
CWE-79