Description

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField.

Remediation

References

CVE-2013-4249

Related Vulnerabilities

WordPress Plugin WP Database Reset Multiple Security Bypass Vulnerabilities (3.1)

PHP Address Book Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1748)

WordPress Plugin WP FullCalendar Security Bypass (1.4.1)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0702)

WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)

Severity

Medium

Classification

CVE-2013-4249 CWE-707

Tags

Missing Update Known Vulnerabilities