CVE-2012-3442 (retired)

Priority
Description
The (1) django.http.HttpResponseRedirect and (2)
django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2
and 1.4.x before 1.4.1 do not validate the scheme of a redirect target,
which might allow remote attackers to conduct cross-site scripting (XSS)
attacks via a data: URL.
Notes
 mdeslaur> possible regression, see LP: #1031733
More Information

Updated: 2019-03-26 12:02:59 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)