Lucene search
Redhat.comRH:CVE-2017-12794HistorySep 06, 2017 - 8:21 a.m.
CVE-2017-12794
2017-09-0608:21:55
redhat.com
access.redhat.com
8
0.002 Low
EPSS
Percentile
60.1%
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn’t affect most production sites since you shouldn’t run with “DEBUG = True” (which makes this page accessible) in your production settings.
Related
nessus
nessus
FreeBSD : Django -- possible XSS in traceback section of technical 500 debug page (aaab03be-932d-11e7-92d8-4b26fc968492)
2017-09-07 00:00:00
Fedora 26 : python-django (2017-8614a6e905)
2017-09-15 00:00:00
Ubuntu 17.10 : python-django vulnerabilities (USN-3559-1)
2018-02-08 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2017-09-06 06:13:26
prion
prion
Cross site scripting
2017-09-07 13:29:00
fedora
fedora
[SECURITY] Fedora 26 Update: python-django-1.10.8-1.fc26
2017-09-14 21:56:33
nvd
nvd
CVE-2017-12794
2017-09-07 13:29:00
cvelist
cvelist
CVE-2017-12794
2017-09-07 13:00:00
osv
osv
PYSEC-2017-44
2017-09-07 13:29:00
Django vulnerable to XSS on 500 pages
2019-01-04 17:50:34
CVE-2017-12794
2017-09-07 13:29:00
alpinelinux
alpinelinux
CVE-2017-12794
2017-09-07 13:29:00
debiancve
debiancve
CVE-2017-12794
2017-09-07 13:29:00
openvas
openvas
Fedora Update for python-django FEDORA-2017-8614a6e905
2017-09-15 00:00:00
Ubuntu: Security Advisory (USN-3559-1)
2018-10-26 00:00:00
ubuntucve
ubuntucve
CVE-2017-12794
2017-09-07 00:00:00
freebsd
freebsd
Django -- possible XSS in traceback section of technical 500 debug page
2017-09-05 00:00:00
nuclei
nuclei
Django Debug Page - Cross-Site Scripting
2021-06-24 15:49:12
github
github
Django vulnerable to XSS on 500 pages
2019-01-04 17:50:34
cve
cve
CVE-2017-12794
2017-09-07 13:29:00
ubuntu
ubuntu
Django vulnerabilities
2018-02-07 00:00:00
hackerone
hackerone