Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2015-2241
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django prior to 1.7.6 and 1.8 prior to 1.8b2 allows remote malicious users to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @pr...
Djangoproject Django
Djangoproject Django 1.8
383
VMScore
CVE-2018-1000089
Anymail django-anymail version version 0.2 up to and including 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable...
Django-anymail Project Django-anymail
NA
CVE-2018-25045
Django REST framework (aka django-rest-framework) prior to 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.
Django-rest-framework Django Rest Framework
534
VMScore
CVE-2016-2048
Django 1.9.x prior to 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
Djangoproject Django 1.9
Djangoproject Django 1.9.1
383
VMScore
CVE-2010-3082
Cross-site scripting (XSS) vulnerability in Django 1.2.x prior to 1.2.2 allows remote malicious users to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.
Djangoproject Django 1.2.2
Djangoproject Django 1.2.1
383
VMScore
CVE-2017-6591
There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field.
Django-epiceditor Project Django-epiceditor 0.2.3
445
VMScore
CVE-2009-3695
Algorithmic complexity vulnerability in the forms library in Django 1.0 prior to 1.0.4 and 1.1 prior to 1.1.1 allows remote malicious users to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amou...
Djangoproject Django 1.0
Djangoproject Django 1.1
445
VMScore
CVE-2015-3982
The session.flush function in the cached_db backend in Django 1.8.x prior to 1.8.2 does not properly flush the session, which allows remote malicious users to hijack user sessions via an empty string in the session key.
Djangoproject Django 1.8.0
Djangoproject Django 1.8.1
668
VMScore
CVE-2019-13177
verification.py in django-rest-registration (aka Django REST Registration library) prior to 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote malicious users to spoof the verification process. This occurs because incorre...
Django-rest-registration Project Django-rest-registration
356
VMScore
CVE-2020-5224
In Django User Sessions (django-user-sessions) prior to 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS v...
Django-user-sessions Project Django-user-sessions
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »