Lucene search
Ubuntu.comUB:CVE-2015-0220HistoryJan 13, 2015 - 12:00 a.m.
CVE-2015-0220
2015-01-1300:00:00
ubuntu.com
ubuntu.com
15
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.007
Percentile
81.0%
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x
before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading
whitespaces, which allows remote attackers to conduct cross-site scripting
(XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated
by a “\njavascript:” URL.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | python-django | < 1.1.1-2ubuntu1.14 | UNKNOWN |
| ubuntu | 12.04 | noarch | python-django | < 1.3.1-4ubuntu1.13 | UNKNOWN |
| ubuntu | 14.04 | noarch | python-django | < 1.6.1-2ubuntu0.6 | UNKNOWN |
| ubuntu | 14.10 | noarch | python-django | < 1.6.6-1ubuntu2.1 | UNKNOWN |
Related
cvelist
cvelist
CVE-2015-0220
2015-01-16 16:00:00
osv
osv
Django Cross-site Scripting Vulnerability
2022-05-17 03:20:49
PYSEC-2015-5
2015-01-16 16:59:00
python-django - security update
2015-02-03 00:00:00
nvd
nvd
CVE-2015-0220
2015-01-16 16:59:19
prion
prion
Cross site scripting
2015-01-16 16:59:00
cve
cve
CVE-2015-0220
2015-01-16 16:59:19
debiancve
debiancve
CVE-2015-0220
2015-01-16 16:59:19
github
github
Django Cross-site Scripting Vulnerability
2022-05-17 03:20:49
openvas
openvas
Debian: Security Advisory (DLA-143-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 3151-1 (python-django - security update)
2015-02-03 00:00:00
Debian: Security Advisory (DSA-3151-1)
2015-02-02 00:00:00
debian
debian
[SECURITY] [DSA 3151-1] python-django security update
2015-02-03 06:08:47
[SECURITY] [DSA 3151-1] python-django security update
2015-02-03 06:08:47
[SECURITY] [DLA 143-1] python-django security update
2015-01-29 11:15:16
nessus
nessus
Debian DSA-3151-1 : python-django - security update
2015-02-03 00:00:00
Mandriva Linux Security Advisory : python-django (MDVSA-2015:036)
2015-02-09 00:00:00
Ubuntu 14.04 LTS : Django vulnerabilities (USN-2469-1)
2015-01-14 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:036 ] python-django
2015-02-23 00:00:00
[USN-2469-1] Django vulnerabilities
2015-01-19 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: python-django-1.6.10-1.fc21
2015-01-26 02:32:42
[SECURITY] Fedora 20 Update: python-django14-1.4.18-1.fc20
2015-01-27 03:00:28
[SECURITY] Fedora 20 Update: python-django-1.6.10-1.fc20
2015-01-27 03:06:04
freebsd
freebsd
django -- multiple vulnerabilities
2015-01-13 00:00:00
ubuntu
ubuntu
Django regression
2015-02-04 00:00:00
Django vulnerabilities
2015-01-13 00:00:00
mageia
mageia
Updated python-django and python-django14 packages fix security vulnerabilities
2015-01-18 01:31:08
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.007
Percentile
81.0%
Related for UB:CVE-2015-0220