Description
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9Confidentiality: None
Availability: None
Affected Packages2 packages
🔴Vulnerability Details
4GHSADjango Cross-site scripting (XSS) vulnerability↗2022-05-01 OSVDjango Cross-site scripting (XSS) vulnerability↗2022-05-01 CVEListCVE-2008-2302: Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0↗2008-05-23 OSVCVE-2008-2302: Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0↗2008-05-23 📋Vendor Advisories
2Red HatDjango: administration application XSS↗2008-05-15 DebianCVE-2008-2302: python-django - Cross-site scripting (XSS) vulnerability in the login form in the administration...↗2008 💬Community
1BugzillaCVE-2008-2302 Django: administration application XSS↗2008-05-14