CVE-2008-2302

Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
django_projectdjango
0.91
django_projectdjango
0.95
django_projectdjango
0.96
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-django
bullseye (security)
2:2.2.28-1~deb11u2
fixed
bullseye
2:2.2.28-1~deb11u2
fixed
bookworm
3:3.2.19-1+deb12u1
fixed
bookworm (security)
3:3.2.19-1+deb12u1
fixed
sid
3:4.2.16-1
fixed
trixie
3:4.2.16-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-django
hardy
Fixed 0.96.1-2ubuntu2.1
released
gutsy
Fixed 0.96-1ubuntu0.2
released
feisty
Fixed 0.95.1-1ubuntu.2
released
dapper
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/30250
http://secunia.com/advisories/30291
http://securitytracker.com/id?1020028
http://www.djangoproject.com/weblog/2008/may/14/security/
http://www.securityfocus.com/bid/29209
http://www.vupen.com/english/advisories/2008/1618
https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
http://secunia.com/advisories/30250
http://secunia.com/advisories/30291
http://securitytracker.com/id?1020028
http://www.djangoproject.com/weblog/2008/may/14/security/
http://www.securityfocus.com/bid/29209
http://www.vupen.com/english/advisories/2008/1618
https://exchange.xforce.ibmcloud.com/vulnerabilities/42396