CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 1CVE-2016-6186 – Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-6186
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML. Vulnerabilidad de XSS en la función dismissChangeRelatedObjectPopup en contrib/admin/static/admin/js/admin/RelatedObjectLookups.js en Django en versiones anteriores a 1.8.14, 1.9.x en versiones anteriores a 1.9.8 y 1.10.x en versiones anteriores a 1.10rc1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectors relacionados con el uso no seguro de Element.innerHTML. A cross-site scripting (XSS) flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related pop-up. Element.textContent is now used to prevent XSS data execution. • https://www.exploit-db.com/exploits/40129 http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html http://rhn.redhat.com/errata/RHSA-2016-1594.html http://rhn.redhat.com/errata/RHSA-2016-1595.html http://rhn.redhat.com/errata/RHSA-2016-1596.html http://seclists.org/fulldisclosure/2016/Jul/53 http://www.debian.org/security/2016/dsa-3622 http://www.securityfocus.com/archive/1/538947/100/0/threaded http://www.securityfocus.com/bid/92058 http:/& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-2512 – python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
https://notcve.org/view.php?id=CVE-2016-2512
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com. La función utils.http.is_safe_url en Django en versiones anteriores a 1.8.10 y 1.9.x en versiones anteriores a 1.9.3 permite a atacantes remotos redirigir a usuarios a páginas web arbitrarias y llevar a cabo ataques de phishing o posiblemente llevar a cabo ataques de XSS a través de una URL que contiene autenticación básica, según lo demostrado por http://mysite.example.com\@attacker.com. An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site. • http://rhn.redhat.com/errata/RHSA-2016-0502.html http://rhn.redhat.com/errata/RHSA-2016-0504.html http://rhn.redhat.com/errata/RHSA-2016-0505.html http://rhn.redhat.com/errata/RHSA-2016-0506.html http://www.debian.org/security/2016/dsa-3544 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/83879 http://www.securitytracker.com/id/1035152 http://www.ubuntu.com/usn/USN-2915-1 http://www.ubuntu.com/usn&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-2513 – python-django: User enumeration through timing difference on password hasher work factor upgrade
https://notcve.org/view.php?id=CVE-2016-2513
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. El hasher de contraseñas en contrib/auth/hashers.py en Django en versiones anteriores a 1.8.10 y 1.9.x en versiones anteriores a 1.9.3 permite a atacantes remotos enumerar usuarios a través de un ataque de sincronización que implica peticiones de login. A timing attack flaw was found in the way Django's PBKDF2PasswordHasher performed password hashing. Passwords hashed with an older version of PBKDF2PasswordHasher used less hashing iterations, and thus allowed an attacker to enumerate existing users based on the time differences in the login requests. • http://rhn.redhat.com/errata/RHSA-2016-0502.html http://rhn.redhat.com/errata/RHSA-2016-0504.html http://rhn.redhat.com/errata/RHSA-2016-0505.html http://rhn.redhat.com/errata/RHSA-2016-0506.html http://www.debian.org/security/2016/dsa-3544 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/83878 http://www.securitytracker.com/id/1035152 http://www.ubuntu.com/usn/USN-2915-1 http://www.ubuntu.com/usn&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2048
https://notcve.org/view.php?id=CVE-2016-2048
Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission. Django 1.9.x en versiones anteriores a 1.9.2, cuando ModelAdmin.save_as se establece a verdadero, permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y crear objetos ModelAdmin a través de la opción "Save as New" cuando se editan objetos y se aprovecha el permiso "change". • http://www.securityfocus.com/bid/82329 http://www.securitytracker.com/id/1034894 https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189 • CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8213 – python-django: Information leak through date template filter
https://notcve.org/view.php?id=CVE-2015-8213
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY. La función get_format en utils/formats.py en Django en versiones anteriores a 1.7.x en versiones anteriores a 1.7.11, 1.8.x en versiones anteriores a 1.8.7 y 1.9.x en versiones anteriores a 1.9rc2 puede permitir a atacantes remotos obtener secretos sensibles de aplicaciones a través de una clave de ajustes en lugar de un ajuste de formato de fecha/hora, según lo demostrado por SECRET_KEY. An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html http://rhn.redhat.com/errata/RHSA-2016-0129.html http://rhn.redhat.com/errata/RHSA-2016-0156.html http://rhn.redhat.com/errata/RHSA-2016-0157.html http://rhn.redhat.com/errata/RHSA-2016-0158.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •