CVE-2010-3082 — Cross-site Scripting in Django

CWE-79 — Cross-site Scripting9 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 38.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Djangoproject Django

Timeline

PublishedSep 14

Latest updateJul 23

Description

Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶PyPIdjangoproject/django1.2 — 1.2.2

▶NVDdjangoproject/django1.2.1, 1.2.2+1

Patches

Patch: www.djangoproject.com ↗Patch: www.securityfocus.com ↗Patch: www.djangoproject.com ↗

🔴Vulnerability Details

OSV

Cross-site scripting in django↗2018-07-23

▶

GHSA

Cross-site scripting in django↗2018-07-23

▶

OSV

CVE-2010-3082: Cross-site scripting (XSS) vulnerability in Django 1↗2010-09-14

▶

CVEList

CVE-2010-3082: Cross-site scripting (XSS) vulnerability in Django 1↗2010-09-14

▶

📋Vendor Advisories

Ubuntu

Django vulnerability↗2010-10-13

▶

Debian

CVE-2010-3082: python-django - Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows rem...↗2010

▶

💬Community

Bugzilla

CVE-2010-3082 Django CSRF flaw↗2010-09-09

▶

Bugzilla

CVE-2010-3082 Django CSRF flaw [fedora-all]↗2010-09-09

▶