5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.2 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
75.3%
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
CPE | Name | Operator | Version |
---|---|---|---|
opensuse:opensuse | opensuse | eq | 12.3 |
opensuse:opensuse | opensuse | eq | 13.1 |