
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Nov 2021 — django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). • https://github.com/django-helpdesk/django-helpdesk/commit/04483bdac3b5196737516398b5ce0383875a5c60 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Nov 2021 — django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). • https://github.com/django-helpdesk/django-helpdesk/commit/2c7065e0c4296e0c692fb4a7ee19c7357583af30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

29 Apr 2021 — django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from malicious input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a `MaxValueValidator` with a default `limit_value` of 1e50 to the form field used by `NumberFilter` instances. In addition, `NumberFilter` implemen... • https://github.com/carltongibson/django-filter/commit/340cf7a23a2b3dcd7183f6a0d6c383e85b130d2b • CWE-681: Incorrect Conversion between Numeric Types

CVSS: 3.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Apr 2021 — django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django. Triggering this requires: a site is using django-registration < 3.1.2; the site... • https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Aug 2020 — django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database. • https://github.com/celery/django-celery-results/issues/142 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jul 2020 — Django Two-Factor Authentication before 1.12 stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authentication code. This means that the password is stored in clear text in the session for an arbitrary amount of time, and potentially forever if the user begins the login process by entering their username and password a... • https://github.com/Bouke/django-two-factor-auth/blob/master/CHANGELOG.md#112---2020-07-08 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 2.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jun 2020 — In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD are set. Currently the string comparison between the configured credentials and the ones provided by users is performed through a character-by-character string comparison. This makes it possible for an attacker to measure the time it takes the server to validate different usernames and passwords, and use this knowledge to w... • https://github.com/tm-kn/django-basic-auth-ip-whitelist/security/advisories/GHSA-m38j-pmg3-v5x5 • CWE-208: Observable Timing Discrepancy

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Mar 2020 — django-nopassword before 5.0.0 stores cleartext secrets in the database. • https://github.com/relekang/django-nopassword/blob/8e8cfc765ee00adfed120c2c79bf71ef856e9022/nopassword/models.py#L14 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jan 2020 — In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and is thus included in the rendered HTML. In itself this is not a problem. However, if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen. • https://github.com/Bouke/django-user-sessions/security/advisories/GHSA-5fq8-3q2f-4m5g • CWE-287: Improper Authentication • CWE-326: Inadequate Encryption Strength

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Aug 2019 — django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. • https://github.com/ierror/django-js-reverse/compare/v0.9.0...v0.9.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')