Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-24857
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authent...
Django-mfa3 Project Django-mfa3
7.4
CVSSv3
CVE-2018-1000089
Anymail django-anymail version version 0.2 up to and including 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable...
Django-anymail Project Django-anymail
2.6
CVSSv3
CVE-2021-21416
django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration before 3.1.2, the base user-account registration view did not properl...
Django-registration Project Django-registration
6.1
CVSSv3
CVE-2021-3945
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Django-helpdesk Project Django-helpdesk
5.4
CVSSv3
CVE-2021-3950
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Django-helpdesk Project Django-helpdesk
6.1
CVSSv3
CVE-2022-4526
A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photo_detail.html of the component Default Template Handler. The manipulation of the argumen...
Django-photologue Project Django-photologue
NA
CVE-2015-2241
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django prior to 1.7.6 and 1.8 prior to 1.8b2 allows remote malicious users to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @pr...
Djangoproject Django
Djangoproject Django 1.8
5.4
CVSSv3
CVE-2021-25986
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the ap...
Django-wiki Project Django-wiki
7.5
CVSSv3
CVE-2022-42731
mfa/FIDO2.py in django-mfa2 prior to 2.5.1 and 2.6.x prior to 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.
Django-mfa2 Project Django-mfa2
NA
CVE-2015-0846
django-markupfield prior to 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote malicious users to include and read arbitrary files via unspecified vectors.
Django-markupfield Project Django-markupfield
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »