Description
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
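To triage pinned dependencies against the affected ranges stated above, the following added example (not part of the original advisory and not Django's own code) parses `Django==` pins from a requirements file. The function names and the sample requirements text are constructed for illustration, and the ranges are applied literally as the description words them.

```python
import re

# Pre-release stages sort before the final release of the same version.
_STAGE_RANK = {"a": 0, "b": 1, "rc": 2, None: 3}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:(a|b|rc)(\d+))?$")
# Matches 'Django==X' only; 'django-extensions==X' does not match.
_PIN_RE = re.compile(r"^\s*django\s*==\s*([^\s;#]+)", re.IGNORECASE)


def version_key(version):
    """Turn '1.8b1' or '1.7.5' into a tuple that sorts in release order."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError("unrecognised Django version: %r" % version)
    major, minor, micro, stage, stage_num = m.groups()
    return (int(major), int(minor), int(micro or 0),
            _STAGE_RANK[stage], int(stage_num or 0))


def is_affected(version):
    """Apply the advisory's ranges: before 1.7.6, and 1.8 before 1.8b2."""
    key = version_key(version)
    if key[:2] == (1, 8):
        return key < version_key("1.8b2")
    return key < version_key("1.7.6")


def affected_pins(requirements_text):
    """Return the affected Django versions pinned with '==' in the text."""
    hits = []
    for line in requirements_text.splitlines():
        m = _PIN_RE.match(line)
        if m and is_affected(m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed sample input, not taken from any real project.
SAMPLE_REQUIREMENTS = """\
# web stack
Django==1.7.5
requests==2.5.1
django==1.8b1   # staging branch
Django==1.8b2
Django==1.7.6
"""

if __name__ == "__main__":
    print(affected_pins(SAMPLE_REQUIREMENTS))
```

Only exact `==` pins are examined; range specifiers such as `>=` need resolving against the installed version instead.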
Remediation
References