Description
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.
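The missing check described above, written as a scheme allowlist applied to a redirect target before it is used. This is an added example, not Django's code or part of the original advisory; the names `ALLOWED_SCHEMES`, `DisallowedRedirect`, `checked_redirect_target` and `is_allowed`, the allowlist contents, and the sample targets are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the schemes this application is willing to redirect to.
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp"})


class DisallowedRedirect(ValueError):
    """Redirect target rejected before it reaches the Location header."""


def checked_redirect_target(target: str) -> str:
    """Return a cleaned redirect target, or raise DisallowedRedirect."""
    cleaned = target.strip()
    # Browsers drop tab and newline characters while parsing a URL, so the
    # scheme they see can differ from the one a server-side parser sees.
    # Reject control characters instead of guessing.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in cleaned):
        raise DisallowedRedirect("control character in redirect target")
    # urlsplit lower-cases the scheme; a relative target has an empty one.
    scheme = urlsplit(cleaned).scheme
    if scheme and scheme not in ALLOWED_SCHEMES:
        raise DisallowedRedirect(f"scheme {scheme!r} is not allowed")
    return cleaned


def is_allowed(target: str) -> bool:
    """True when the target passes the scheme check."""
    try:
        checked_redirect_target(target)
        return True
    except DisallowedRedirect:
        return False


# Constructed sample targets, e.g. values of a user-supplied "next" parameter.
SAMPLES = [
    "/accounts/profile/",
    "https://example.org/welcome",
    "data:text/html,<p>constructed</p>",
    "DATA:text/html,<p>constructed</p>",
    "  data:text/html,<p>constructed</p>",
    "/accounts/\tprofile/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{is_allowed(sample)!s:5}  {sample!r}")
```

The check covers only the scheme; whether an absolute `http` or `https` target points at a trusted host is a separate validation.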
Remediation
References