Skip to content

Cross-site scripting in django

Moderate severity GitHub Reviewed Published Jul 23, 2018 to the GitHub Advisory Database • Updated Mar 7, 2024

Package

pip django (pip)

Affected versions

>= 1.2.0, < 1.2.2

Patched versions

1.2.2

Description

Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.

References

Published to the GitHub Advisory Database Jul 23, 2018
Reviewed Jun 16, 2020
Last updated Mar 7, 2024

Severity

Moderate

Weaknesses

CVE ID

CVE-2010-3082

GHSA ID

GHSA-fxpg-gg9g-76gj

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.