Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-2241

Published: 12/03/2015 Updated: 03/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Django

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django prior to 1.7.6 and 1.8 prior to 1.8b2 allows remote malicious users to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.

Vulnerable Product Search on Vulmon Subscribe to Product

djangoproject django

djangoproject django 1.8

Vendor Advisories

Red Hat: CVE-2015-2241
Cross-site scripting (XSS) vulnerability in the contents function in admin/helperspy in Django before 176 and 18 before 18b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdminreadonly_fields, as demonstrated by a @property ...

References

CWE-79https://code.djangoproject.com/ticket/24461https://www.djangoproject.com/weblog/2015/mar/09/security-releases/http://www.mandriva.com/security/advisories?name=MDVSA-2015:109http://www.securityfocus.com/bid/73095https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-2241
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946CVE-2024-30309CVE-2024-4761CVE-2024-30051type confusionmemory leakCVE-2024-30293reflected XSSCVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook