Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django prior to 1.7.6 and 1.8 prior to 1.8b2 allows remote malicious users to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
djangoproject django |
||
djangoproject django 1.8 |