Cross-Site Scripting Vulnerability in Django Framework by Django Software Foundation
CVE-2015-2317

Currently unrated

Key Information:

CVE Published: 25 March 2015

Summary

Django's utils.http.is_safe_url function in versions prior to 1.8c1 does not properly validate URLs. A remote attacker can supply a malicious URL containing control characters that the function accepts as safe, which can result in cross-site scripting (XSS): arbitrary script executes in the context of the user's browser. This is a significant security risk for web applications relying on Django.
