Description
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) at the start of a URL: reverse() then generates a scheme-relative URL (one of the form //host/path), which a browser resolves with the site's scheme but against the attacker-chosen host.
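Added example (not code from the advisory or from Django): it shows why a reversed path of the form //host is dangerous, using the standard library's RFC 3986 resolution as a stand-in for the browser, and one defensive normalisation of the same shape as the patched releases apply, percent-encoding the second slash so the result stays a same-origin absolute path. The base origin and the sample paths are constructed for the demonstration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample origin for the demonstration; not from the advisory.
SITE_BASE = "https://app.example/"


def resolves_off_site(path: str, base: str = SITE_BASE) -> bool:
    """Return True if `path`, used as an href or Location value on `base`,
    would resolve to a host other than base's.

    urljoin follows RFC 3986: a reference starting with '//' keeps the
    base scheme but supplies its own authority, which is exactly why a
    reversed URL of that shape points off-site. (Browsers follow the
    WHATWG URL parser, which agrees for the plain '//host' case.)
    """
    target = urlsplit(urljoin(base, path))
    return target.netloc.lower() != urlsplit(base).netloc.lower()


def neutralise_scheme_relative(path: str) -> str:
    """Normalise a reversed URL so it can never be scheme-relative.

    A result beginning with '//' has its second slash percent-encoded,
    giving '/%2F...', an absolute path on the same origin. This is a
    standalone helper, not Django's own reverse() implementation.
    """
    if path.startswith("//"):
        return "/%2F" + path[2:]
    return path


if __name__ == "__main__":
    # Constructed inputs: what a catch-all pattern such as r'^(?P<path>.*)$'
    # could hand back from reverse() in an unpatched release.
    for candidate in ("/accounts/login/", "//other.example/login"):
        safe = neutralise_scheme_relative(candidate)
        print(f"{candidate!r:28} off-site={resolves_off_site(candidate)!s:5} "
              f"-> {safe!r} off-site={resolves_off_site(safe)}")
```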
Remediation
Upgrade to Django 1.4.14, 1.5.9, 1.6.6, or 1.7 release candidate 3 (or later), the releases in which reverse() no longer generates scheme-relative URLs.
References
Related Vulnerabilities
ownCloud Improper Privilege Management Vulnerability (CVE-2021-35946)
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21673)
WordPress Plugin Dropdown and scrollable Text Cross-Site Scripting (2.0)
Oracle JRE CVE-2018-2825 Vulnerability (CVE-2018-2825)
Internet Information Services Other Vulnerability (CVE-1999-0012)