CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score
Confidence: High

EPSS
Percentile: 72.2%

The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.
Vendor | Product | Version | CPE |
---|---|---|---|
djangoproject | django | 1.0 | cpe:/a:djangoproject:django:1.0::: |
djangoproject | django | 1.0 | cpe:/a:djangoproject:django:1.0:alpha2:: |
djangoproject | django | 1.2.4 | cpe:/a:djangoproject:django:1.2.4::: |
djangoproject | django | 1.2 | cpe:/a:djangoproject:django:1.2:beta1:: |
djangoproject | django | 1.0.1 | cpe:/a:djangoproject:django:1.0.1::: |
djangoproject | django | 1.4 | cpe:/a:djangoproject:django:1.4::: |
djangoproject | django | 1.2 | cpe:/a:djangoproject:django:1.2:rc1:: |
djangoproject | django | 1.1 | cpe:/a:djangoproject:django:1.1:alpha1:: |
djangoproject | django | | cpe:/a:djangoproject:django:::: |
djangoproject | django | 1.0 | cpe:/a:djangoproject:django:1.0:beta:: |