CVE-2008-2302

EUVD-2008-0002
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
django_projectdjango
0.91
django_projectdjango
0.95
django_projectdjango
0.96
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-django
bookworm
3:3.2.19-1+deb12u1
fixed
bookworm (security)
3:3.2.19-1+deb12u1
fixed
bullseye
2:2.2.28-1~deb11u2
fixed
bullseye (security)
2:2.2.28-1~deb11u2
fixed
sid
3:4.2.16-1
fixed
trixie
3:4.2.16-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-django
dapper
dne
feisty
Fixed 0.95.1-1ubuntu.2
released
gutsy
Fixed 0.96-1ubuntu0.2
released
hardy
Fixed 0.96.1-2ubuntu2.1
released
Common Weakness Enumeration
References
http://secunia.com/advisories/30250
http://secunia.com/advisories/30291
http://securitytracker.com/id?1020028
http://www.djangoproject.com/weblog/2008/may/14/security/
http://www.securityfocus.com/bid/29209
http://www.vupen.com/english/advisories/2008/1618
https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
http://secunia.com/advisories/30250
http://secunia.com/advisories/30291
http://securitytracker.com/id?1020028
http://www.djangoproject.com/weblog/2008/may/14/security/
http://www.securityfocus.com/bid/29209
http://www.vupen.com/english/advisories/2008/1618
https://exchange.xforce.ibmcloud.com/vulnerabilities/42396