CVE-2010-3082
Published: 2010-09-14
CVE-2010-3082: Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken…
Priority: P4 · 19 · medium · CVSS 2.0 score 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.90% (77.1th percentile)
Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-django | < python-django 1.2.3-1 (bookworm) | python-django 1.2.3-1 (bookworm) |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | >= 1.2 < 1.2.2 | 1.2.2 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | LOW | — |
OSV
osv · 2018-07-23 · [MEDIUM]
Cross-site scripting in django
GHSA
ghsa · 2018-07-23 · [MEDIUM] · CWE-79
Cross-site scripting in django
OSV
osv · 2010-09-14 · CVSS 4.3 · [MEDIUM]
CVE-2010-3082: Cross-site scripting (XSS) vulnerability in Django 1
Ubuntu
vendor_ubuntu · 2010-10-13
Title: Django vulnerability
Summary: Django could be made to insert arbitrary content into web forms.
It was discovered that Django did not properly sanitize the cookie value when applying CSRF protections, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
vendor_debian · 2010 · CVSS 4.3 · [MEDIUM]
CVE-2010-3082: python-django - Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows rem...
Scope: local
bookworm: resolved (fixed in 1.2.3-1)
bullseye: resolved (fixed in 1.2.3-1)
forky: resolved (fixed in 1.2.3-1)
sid: resolved (fixed in 1.2.3-1)
trixie: resolved (fixed in 1.2.3-1)
No detection rules found.
No public exploits indexed.
Bugzilla
bugzilla · 2010-09-09 · CVSS 4.3 · [MEDIUM]
CVE-2010-3082 Django CSRF flaw
As of the 1.2 release, the core Django framework includes a system, enabled by default, for detecting and preventing cross-site request forgery (CSRF) attacks against Django-powered applications. Previous Django releases provided a different, optionally-enabled system for the same purpose.

The Django 1.2 CSRF protection system involves the generation of a random token, inserted as a hidden field in outgoing forms. The same value is also set in a cookie, and the cookie value and form value are compared on submission.

The provided template tag for inserting the CSRF token into forms -- {% csrf_token %} -- explicitly trusts the cookie value, and displays it as-is. Thus, an attacker who is able to tamper with the value of the CSRF cookie can cause arbitrary co
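The following is an added illustration of the pattern described in the Bugzilla text above; it is not code from Django, from the advisory, or from this page. It re-creates in miniature a template tag that echoes the CSRF cookie value unchanged, beside a hardened version that first validates the cookie against an expected token format and then HTML-escapes it before rendering. The function names, the 32-hex-character token format, and the sample cookie values are assumptions made for the example.

```python
import html
import re
import secrets

# Assumed token format for this example: 32 lowercase hex characters.
TOKEN_RE = re.compile(r"^[0-9a-f]{32}$")

FIELD_TEMPLATE = '<input type="hidden" name="csrfmiddlewaretoken" value="%s">'


def render_csrf_field_unsafe(cookie_value: str) -> str:
    """Vulnerable pattern: the CSRF cookie value is trusted and emitted as-is.

    A cookie value that is not a token (one containing '"' or '<', say)
    terminates the value attribute and the tag, so whatever follows it
    becomes markup in the rendered page.
    """
    return FIELD_TEMPLATE % cookie_value


def sanitize_token(cookie_value):
    """Accept only a well-formed token; otherwise issue a fresh one.

    A cookie that does not look like a token is therefore never echoed
    back into the page at all.
    """
    if cookie_value is not None and TOKEN_RE.match(cookie_value):
        return cookie_value
    return secrets.token_hex(16)  # 16 random bytes -> 32 hex characters


def render_csrf_field_safe(cookie_value) -> str:
    """Hardened pattern: validate the token, then HTML-escape before rendering.

    Escaping is kept even though validation already restricts the character
    set, so the template stays safe independently of the validation step.
    """
    token = sanitize_token(cookie_value)
    return FIELD_TEMPLATE % html.escape(token, quote=True)


def field_is_well_formed(rendered: str) -> bool:
    """Check used by the demo: exactly one tag, and its value is a valid token."""
    if rendered.count("<") != 1 or rendered.count(">") != 1:
        return False
    match = re.search(r'value="([^"]*)"', rendered)
    return bool(match) and TOKEN_RE.match(match.group(1)) is not None


if __name__ == "__main__":
    # Constructed sample cookie values for the demo (not taken from any report).
    good = "0123456789abcdef0123456789abcdef"
    tampered = 'x"><i>tampered</i>'
    print(render_csrf_field_unsafe(tampered))  # attribute and tag are broken out of
    print(render_csrf_field_safe(tampered))    # fresh token, escaped, single tag
    print(field_is_well_formed(render_csrf_field_safe(good)))  # True
```

The check in `field_is_well_formed` is the kind of assertion a regression test for this class of bug can carry: whatever the cookie contains, the rendered hidden field must still be one tag whose value matches the token format.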
Bugzilla
bugzilla · 2010-09-09 · CVSS 4.3 · [MEDIUM]
CVE-2010-3082 Django CSRF flaw [fedora-all]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.

For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field.

For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs

When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available.

Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=632239

Please note: this issue affects multiple supported versions of Fedora.
References
- http://marc.info/?l=oss-security&m=128403961700444&w=2
- http://www.djangoproject.com/weblog/2010/sep/08/security-release/
- http://www.securityfocus.com/bid/43116
- http://www.ubuntu.com/usn/USN-1004-1
- https://bugzilla.redhat.com/show_bug.cgi?id=632239
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61729