Vulnerability Description
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Django Project | Django | 0.91 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30250 (Patch, Vendor Advisory)
- http://secunia.com/advisories/30291
- http://securitytracker.com/id?1020028
- http://www.djangoproject.com/weblog/2008/may/14/security/ (Patch)
- http://www.securityfocus.com/bid/29209 (Patch)
- http://www.vupen.com/english/advisories/2008/1618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
FAQ
What is CVE-2008-2302?
CVE-2008-2302 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject ...
How severe is CVE-2008-2302?
CVE-2008-2302 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-2302?
Check the references section above for vendor advisories and patch information. Affected products include: Django Project Django.