
CVSS: 6.1 | EPSS: 0% | CPEs: 13 | EXPL: 1

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.

A cross-site scripting (XSS) flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related pop-up. Element.textContent is now used to prevent XSS data execution.

References:
https://www.exploit-db.com/exploits/40129
http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
http://rhn.redhat.com/errata/RHSA-2016-1594.html
http://rhn.redhat.com/errata/RHSA-2016-1595.html
http://rhn.redhat.com/errata/RHSA-2016-1596.html
http://seclists.org/fulldisclosure/2016/Jul/53
http://www.debian.org/security/2016/dsa-3622
http://www.securityfocus.com/archive/1/538947/100/0/threaded
http://www.securityfocus.com/bid/92058
…

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.4 | EPSS: 0% | CPEs: 4 | EXPL: 0

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.

An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

References:
http://rhn.redhat.com/errata/RHSA-2016-0502.html
http://rhn.redhat.com/errata/RHSA-2016-0504.html
http://rhn.redhat.com/errata/RHSA-2016-0505.html
http://rhn.redhat.com/errata/RHSA-2016-0506.html
http://www.debian.org/security/2016/dsa-3544
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/83879
http://www.securitytracker.com/id/1035152
http://www.ubuntu.com/usn/USN-2915-1
http://www.ubuntu.com/usn…

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.

A timing attack flaw was found in the way Django's PBKDF2PasswordHasher performed password hashing. Passwords hashed with an older version of PBKDF2PasswordHasher used fewer hashing iterations, and thus allowed an attacker to enumerate existing users based on the time differences in the login requests.

References:
http://rhn.redhat.com/errata/RHSA-2016-0502.html
http://rhn.redhat.com/errata/RHSA-2016-0504.html
http://rhn.redhat.com/errata/RHSA-2016-0505.html
http://rhn.redhat.com/errata/RHSA-2016-0506.html
http://www.debian.org/security/2016/dsa-3544
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/83878
http://www.securitytracker.com/id/1035152
http://www.ubuntu.com/usn/USN-2915-1
http://www.ubuntu.com/usn…

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-385: Covert Timing Channel

CVSS: 5.0 | EPSS: 0% | CPEs: 9 | EXPL: 0

The get_format function in utils/formats.py in Django 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.

An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant application-settings key instead of a valid date format.

References:
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html
http://rhn.redhat.com/errata/RHSA-2016-0129.html
http://rhn.redhat.com/errata/RHSA-2016-0156.html
http://rhn.redhat.com/errata/RHSA-2016-0157.html
http://rhn.redhat.com/errata/RHSA-2016-0158.h…

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 | EPSS: 2% | CPEs: 43 | EXPL: 0

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions.

References:
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00026.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
http://rhn.redhat.com/errata/RHSA-2015-1766.html
http://rhn.redhat.com/errata/RHSA-2015-1767.html
http://rhn.redhat.com/errata/RHSA-2015-1894.html
http://www.debian.org/security/2015/dsa-3338
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
…

CWE-399: Resource Management Errors
CWE-770: Allocation of Resources Without Limits or Throttling