Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6186)

Description

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.

Remediation

References

Related Vulnerabilities

WordPress Plugin Cleeng-Sell your videos Cross-Site Scripting (2.3.2)

WordPress Plugin Structured Content (JSON-LD) #wpsc Cross-Site Scripting (1.5)

WordPress Plugin Product Catalog Multiple SQL Injection Vulnerabilities (2.1)

WordPress Plugin bbPress Cross-Site Scripting (2.5.6)

WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Unspecified Vulnerability (1.53)

Severity

Medium

Classification

CVE-2016-6186 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities