Decription: Several vulnerabilities were reported in Django. A remote user can obtain potentially sensitive information on the target system. A remote user can gain access to the target system. A remote user can conduct cross-site scripting attacks.
On systems where tests were run with an Oracle database and a password was not manually specified in the database settings TEST dictionary, the system uses a hardcoded password [CVE-2016-9013]. A remote user can connect to the database server using the hardcoded password.
Affected versions: 1.8.x, 1.9.x, 1.10.x
Recommended action: Upgrade to the one of the latest branch updates (1.8.16, 1.9.11, 1.10.3)