Description
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
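The behaviour described above, as an added example that is not Django's code or part of the original advisory: a path that starts with `//` is parsed as a scheme-relative URL, so a client resolves it against a different host, and escaping the second slash keeps it on the same host. `naive_reverse`, `safe_reverse`, the `/{path}` pattern and the `.example` hosts are hypothetical and constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

BASE = "https://shop.example/account/"  # constructed page the link appears on


def naive_reverse(pattern: str, **kwargs: str) -> str:
    """Hypothetical stand-in for URL reversing: fill a path pattern with arguments."""
    return pattern.format(**kwargs)


def is_scheme_relative(url: str) -> bool:
    """True if the URL has no scheme but does carry a host (//host/path)."""
    parts = urlsplit(url)
    return not parts.scheme and bool(parts.netloc)


def escape_leading_slashes(url: str) -> str:
    """Percent-encode the second slash so the result stays a same-host path."""
    if url.startswith("//"):
        return "/%2F" + url[2:]
    return url


def safe_reverse(pattern: str, **kwargs: str) -> str:
    """Reverse, then refuse to hand back a scheme-relative URL."""
    return escape_leading_slashes(naive_reverse(pattern, **kwargs))


def landing_host(url: str, base: str = BASE) -> str:
    """Host a client ends up on when it resolves `url` against `base`."""
    return urlsplit(urljoin(base, url)).hostname


if __name__ == "__main__":
    # Constructed arguments: an ordinary one, and one with a leading slash.
    for arg in ("docs/index.html", "/other.example/login"):
        for url in (naive_reverse("/{path}", path=arg),
                    safe_reverse("/{path}", path=arg)):
            print(f"{url!r:30} scheme-relative={is_scheme_relative(url)!s:5} "
                  f"resolves to host {landing_host(url)}")
```

The same `is_scheme_relative` check can be run over generated redirect targets in tests or logs to flag any that leave the site's own host.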
Remediation
References
Related Vulnerabilities
WordPress Plugin BSK PDF Manager Multiple Cross-Site Scripting Vulnerabilities (1.3)
WordPress Plugin Login With Ajax Cross-Site Request Forgery (3.0.4.1)
ownCloud Session Fixation Vulnerability (CVE-2021-35948)
WordPress Plugin AdVert Cross-Site Scripting (1.0.5)
AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2022-25844)