WEB APPLICATION VULNERABILITIES Standard & Premium

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2241)

Description

Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.

Remediation

References

Related Vulnerabilities

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-42008)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease SQL Injection (4.6.1)

PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-20717)

WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads Cross-Site Scripting (2.2.7)

WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.6)

Severity

Medium

Classification

CVE-2015-2241 CWE-707

Tags

Missing Update Known Vulnerabilities