Candidate: CVE-2013-4249
PublicDate: 2013-10-04 17:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4249
 https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/
Description:
 Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget
 in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before
 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML
 via a URLField.
Ubuntu-Description:
Notes:
 mdeslaur> only affected 1.5.x+
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1212058
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_python-django:
 upstream: https://github.com/django/django/commit/ec67af0bd609c412b76eaa4cc89968a2a8e5ad6a
upstream_python-django: released (1.5.2-1)
lucid_python-django: not-affected (1.1.1-2ubuntu1.8)
precise_python-django: not-affected (1.3.1-4ubuntu1.7)
quantal_python-django: not-affected (1.4.1-2ubuntu0.3)
raring_python-django: not-affected (1.4.5-1)
devel_python-django: not-affected (1.5.2-1)