Vulmon
django vulnerabilities and exploits
3.5
CVSSv2
CVE-2021-25986
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the ap...
Django-wiki Project Django-wiki
3.5
CVSSv2
CVE-2021-3950
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Django-helpdesk Project Django-helpdesk
4.3
CVSSv2
CVE-2021-3945
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Django-helpdesk Project Django-helpdesk
4.3
CVSSv2
CVE-2021-42134
The Unicorn framework prior to 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.
Django-unicorn Unicorn
3.5
CVSSv2
CVE-2021-42053
The Unicorn framework up to and including 0.35.3 for Django allows XSS via component.name.
Django-unicorn Unicorn
5.5
CVSSv2
CVE-2021-40347
An issue exists in views/list.py in GNU Mailman Postorius prior to 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.
Postorius Project Postorius
6.5
CVSSv2
CVE-2021-32831
Total.js framework (npm package total.js) is a framework for Node.js platform written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values le...
Totaljs Total.js
7.5
CVSSv2
CVE-2020-18704
Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote malicious users to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'.
Fusionbox Widgy 0.8.4
7.5
CVSSv2
CVE-2021-35042
Django 3.1.x prior to 3.1.13 and 3.2.x prior to 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
Djangoproject Django
Fedoraproject Fedora 34
9 Github repositories
3.5
CVSSv2
CVE-2021-32681
Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions before 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text Stre...
Torchbox Wagtail