Description
The django.utils.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com".
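The following added example (a sketch written for this entry, not Django's own source) shows why the malformed URL passes a redirect check that trusts the URL parser, and how normalising backslashes and rejecting scheme-without-host URLs closes the gap. The function names and the host example.com are assumptions made for illustration.

```python
from urllib.parse import urlparse

ALLOWED_SCHEMES = ("http", "https")

def naive_is_safe_url(url, host):
    """Pre-fix style check (hypothetical): trusts urlparse's view of the URL."""
    if not url:
        return False
    parts = urlparse(url)
    return (not parts.netloc or parts.netloc == host) and (
        not parts.scheme or parts.scheme in ALLOWED_SCHEMES)

def hardened_is_safe_url(url, host):
    """Same check (hypothetical), after normalising the way a browser may."""
    if not url:
        return False
    # Browsers may treat "\" as "/", so parse what the browser will see.
    url = url.replace("\\", "/")
    # Three or more leading slashes can be read by a browser as absolute.
    if url.startswith("///"):
        return False
    parts = urlparse(url)
    # A scheme with no host (http:///host) is path-only to urlparse, but a
    # browser may still take the first path segment as the host.
    if parts.scheme and not parts.netloc:
        return False
    return (not parts.netloc or parts.netloc == host) and (
        not parts.scheme or parts.scheme in ALLOWED_SCHEMES)

# Constructed inputs; the first is the malformed URL from the description.
SAMPLES = [
    "http:\\\\\\djangoproject.com",
    "\\\\\\djangoproject.com",
    "/accounts/profile/",
    "http://example.com/next",
    "https://other.example/",
]

def compare(host="example.com"):
    """Return (url, naive verdict, hardened verdict) for each sample."""
    return [(u, naive_is_safe_url(u, host), hardened_is_safe_url(u, host))
            for u in SAMPLES]

if __name__ == "__main__":
    for url, naive, hardened in compare():
        print(f"{url!r:35} naive={naive!s:5} hardened={hardened}")
```

The parser sees no network location in the malformed URL, so the naive check treats it as a local path; the hardened check rejects it while still accepting same-host and relative redirect targets.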
Remediation
References