Description

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.

Remediation

References

CVE-2019-3498

Related Vulnerabilities

MySQL CVE-2017-10286 Vulnerability (CVE-2017-10286)

WordPress Plugin Unite Gallery Lite Multiple Vulnerabilities (1.4.6)

WordPress Plugin WP Inventory Manager Cross-Site Scripting (1.7.8)

Ruby Improper Input Validation Vulnerability (CVE-2015-1855)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2011-1928)

Severity

Medium

Classification

CVE-2019-3498 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities