CVE-2008-2302
Published: 23 May 2008
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
Priority
Status
Package | Release | Status |
---|---|---|
python-django Launchpad, Ubuntu, Debian |
upstream |
Released
(0.96.2)
|
dapper |
Does not exist
|
|
feisty |
Released
(0.95.1-1ubuntu.2)
|
|
gutsy |
Released
(0.96-1ubuntu0.2)
|
|
hardy |
Released
(0.96.1-2ubuntu2.1)
|
|
intrepid |
Not vulnerable
(0.96.2-1ubuntu1)
|
|
Patches: vendor: http://www.djangoproject.com/weblog/2008/may/14/security/ debdiff: http://launchpad.net/bugs/234631 |