CVE-2013-4249 — Cross-site Scripting in Django

CWE-79 — Cross-site Scripting8 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.8%

top 25.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Djangoproject Django

Timeline

PublishedOct 4

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶PyPIdjangoproject/django1.5 — 1.5.2

▶NVDdjangoproject/django1.5, 1.5.1, 1.6+2

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget↗2022-05-17

▶

OSV

Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget↗2022-05-17

▶

OSV

CVE-2013-4249: Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets↗2013-10-04

▶

CVEList

CVE-2013-4249: Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets↗2013-10-04

▶

📋Vendor Advisories

Debian

CVE-2013-4249: python-django - Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in co...↗2013

▶

📄Research Papers

arXiv

DjangoChecker: Applying Extended Taint Tracking and Server Side Parsing for Detection of Context-Sensitive XSS Flaws↗2020-05-14

▶

💬Community

Bugzilla

CVE-2013-4249 python-django: XSS in admin interface↗2013-08-14

▶