CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-33185 – Incorrect signature verification in django-ses
https://notcve.org/view.php?id=CVE-2023-33185
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0. • https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795 https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-15010 – University of Cambridge django-ucamlookup Lookup cross site scripting
https://notcve.org/view.php?id=CVE-2016-15010
A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 is able to address this issue. • https://github.com/uisautomation/django-ucamlookup/commit/5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3 https://github.com/uisautomation/django-ucamlookup/releases/tag/1.9.2 https://vuldb.com/?ctiid.217441 https://vuldb.com/?id.217441 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4595 – django-openipam exposed_hosts.html cross site scripting
https://notcve.org/view.php?id=CVE-2022-4595
A vulnerability classified as problematic has been found in django-openipam. This affects an unknown part of the file openipam/report/templates/report/exposed_hosts.html. The manipulation of the argument description leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a6223a1150d60cd036106ba6a8e676c1bfc3cc85. • https://github.com/openipam/django-openipam/commit/a6223a1150d60cd036106ba6a8e676c1bfc3cc85 https://github.com/openipam/django-openipam/pull/205 https://vuldb.com/?id.216189 • CWE-707: Improper Neutralization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4589 – cyface Terms and Conditions Module views.py returnTo redirect
https://notcve.org/view.php?id=CVE-2022-4589
A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.10 is able to address this issue. • https://github.com/cyface/django-termsandconditions/commit/03396a1c2e0af95e12a45c5faef7e47a4b513e1a https://github.com/cyface/django-termsandconditions/pull/239 https://github.com/cyface/django-termsandconditions/releases/tag/v2.0.10 https://vuldb.com/?id.216175 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4526 – django-photologue Default Template photo_detail.html cross site scripting
https://notcve.org/view.php?id=CVE-2022-4526
A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photo_detail.html of the component Default Template Handler. The manipulation of the argument object.caption leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.16 is able to address this issue. • https://github.com/richardbarran/django-photologue/commit/960cb060ce5e2964e6d716ff787c72fc18a371e7 https://github.com/richardbarran/django-photologue/issues/223 https://vuldb.com/?id.215906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •