CVSS: 4.3EPSS: 3%CPEs: 53EXPL: 0CVE-2015-2317 – Ubuntu Security Notice USN-2539-1
https://notcve.org/view.php?id=CVE-2015-2317
23 Mar 2015 — The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. La función utils.http.is_safe_url en Django anterior a 1.4.20, 1.5.x, 1.6.x anterior a 1.6.11, 1.7.x anterior a 1.7.7, y 1.8.x anterior a 1.8c1 no valida correctamente las URLs, lo que permite a ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 3%CPEs: 36EXPL: 0CVE-2015-2316 – Ubuntu Security Notice USN-2539-1
https://notcve.org/view.php?id=CVE-2015-2316
23 Mar 2015 — The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. La función utils.html.strip_tags en Django 1.6.x anterior a 1.6.11, 1.7.x anterior a 1.7.7, y 1.8.x anterior a 1.8c1, cuando utiliza ciertos versiones de Python, permite a atacantes remotos causar una denegación de servicio (bucle infinito) mediant... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2015-2241 – Mandriva Linux Security Advisory 2015-109
https://notcve.org/view.php?id=CVE-2015-2241
12 Mar 2015 — Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property. Vulnerabilidad de XSS en la función de contenidos en admin/helpers.py en Django anterior a 1.7.6 y 1.8 anterior a 1.8b2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de un atributo de mode... • http://www.mandriva.com/security/advisories?name=MDVSA-2015:109 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •