Description

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.

Remediation

References

CVE-2012-4520

Related Vulnerabilities

PrestaShop Other Vulnerability (CVE-2020-15082)

WebLogic CVE-2024-21183 Vulnerability (CVE-2024-21183)

WordPress Plugin IMPress for IDX Broker Unspecified Vulnerability (2.5.11)

WordPress Plugin Custom Website Data Cross-Site Scripting (2.2)

IBM WebSEAL Incorrect Default Permissions Vulnerability (CVE-2023-38370)

Severity

Medium

Classification

CVE-2012-4520 CWE-20

Tags

Missing Update Known Vulnerabilities