CVE-2010-3082
Published: 14 September 2010
Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.
Notes
Author | Note |
---|---|
jdstrand | vulnerability not present before 1.2; 1.2.2 introduced regressions. Need 1.2.3 |
Priority
Status
Package | Release | Status |
---|---|---|
python-django | upstream | Released (1.2.3-1) |
python-django | dapper | Does not exist |
python-django | hardy | Not vulnerable |
python-django | jaunty | Not vulnerable |
python-django | karmic | Not vulnerable |
python-django | lucid | Not vulnerable (1.1.1-2ubuntu1) |
python-django | maverick | Released (1.2.3-1ubuntu0.1) |

Patches: upstream: http://code.djangoproject.com/changeset/13699