Description
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.
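An added example, not Django's own code, of the scheme-allowlist check that closes this class of bug: a redirect target is accepted only when it is relative or uses a scheme from an allowlist, so a data: target is refused before it reaches the Location header. The allowlist contents and the helper names are assumptions for this example.

```python
from urllib.parse import urlparse

# Hypothetical allowlist for this example; a real application chooses
# the set of schemes its redirects legitimately need.
ALLOWED_REDIRECT_SCHEMES = {"http", "https"}


def redirect_scheme_is_safe(target):
    """Return True if `target` is relative or uses an allowed scheme.

    A target such as "data:..." carries a scheme outside the allowlist
    and is rejected, which is the input class the advisory describes.
    Leading whitespace is stripped first so that older urlparse versions
    do not see a scheme-less string and wave the target through.
    """
    scheme = urlparse(target.strip()).scheme.lower()
    if not scheme:
        return True  # relative path such as "/accounts/profile/"
    return scheme in ALLOWED_REDIRECT_SCHEMES


def safe_redirect_location(target):
    """Return the Location header value to emit, or None when refused.

    Mirrors a redirect response that validates its target on creation;
    a framework would raise here rather than return None.
    """
    if not redirect_scheme_is_safe(target):
        return None
    return target.strip()


if __name__ == "__main__":
    # Constructed sample targets: relative, absolute-allowed, and data:.
    for candidate in ["/accounts/profile/",
                      "https://example.com/next",
                      "data:text/plain,hello"]:
        print(candidate, "->", safe_redirect_location(candidate))
```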
Remediation
References
Related Vulnerabilities
Nginx Improper Certificate Validation Vulnerability (CVE-2021-3618)
WordPress Plugin Feedweb Unspecified Vulnerability (3.0.10)
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.1)
OpenSSL Other Vulnerability (CVE-2014-3510)
DOMPurify URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-25155)