XSS in Django


Description: Multiple vulnerabilities were recently fixed in the Django framework.

Detailed list:

  • Cross-site scripting - The disclosed vulnerability allows a remote attacker to redirect website visitors to external websites and perform cross-site scripting (XSS) attacks.
    The vulnerability is caused by improper filtering of input data.
  • Open redirect - The vulnerability allows a remote attacker to redirect website visitors to external websites.

Affected versions: Django 1.8.x, 1.9.x, 1.10.x

Recommended action: Update to version 1.8.18, 1.9.13, 1.10.7

Origin URLs:
