The utils.http.is_safe_url function in Django prior to 1.4.20, 1.5.x, 1.6.x prior to 1.6.11, 1.7.x prior to 1.7.7, and 1.8.x prior to 1.8c1 does not properly validate URLs, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.
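As an added illustration (not Django's own code, nor the patch as shipped), here is a simplified redirect-target check of the kind the description refers to, beside a hardened variant that rejects a leading control character before parsing; the host name and sample URLs are constructed for the example.

```python
import unicodedata
from urllib.parse import urlparse

ALLOWED_SCHEMES = ("http", "https")

def naive_is_safe_url(url, host):
    """Model of a check that trusts urlparse() to find the scheme.
    On older CPython urlparse() reports no scheme for a URL whose first
    character is U+0008, because a scheme must start with a letter, so the
    input passes although browsers drop the prefix and run javascript:.
    (Recent CPython strips leading C0 controls inside urlsplit(), so this
    model may already reject such input there; do not rely on that.)"""
    if not url:
        return False
    info = urlparse(url)
    return ((not info.netloc or info.netloc == host) and
            (not info.scheme or info.scheme in ALLOWED_SCHEMES))

def hardened_is_safe_url(url, host):
    """Reject the control-character prefix before any parsing happens."""
    if not url:
        return False
    url = url.replace("\\", "/")        # some browsers treat \ as /
    if url.startswith("///"):           # browsers read this as absolute
        return False
    # A first character in Unicode general category C* (control) is
    # rejected outright: browsers ignore such a prefix, so the effective
    # URL can carry a scheme that the parser never saw.
    if unicodedata.category(url[0])[0] == "C":
        return False
    info = urlparse(url)
    if info.scheme and not info.netloc: # http:///host, javascript:...
        return False
    return ((not info.netloc or info.netloc == host) and
            (not info.scheme or info.scheme in ALLOWED_SCHEMES))

# Constructed sample redirect targets (e.g. a login "next" parameter)
# mapped to the verdict the hardened check should give for host example.com.
SAMPLES = {
    "/accounts/profile/": True,
    "https://example.com/dashboard": True,
    "http://evil.example/phish": False,
    "javascript:alert(1)": False,
    "\x08javascript:alert(1)": False,   # the input the CVE text cites
    "///evil.example": False,
}

def check_samples(host="example.com"):
    """Return the sample URLs whose hardened verdict differs from expectation."""
    return [u for u, ok in SAMPLES.items() if hardened_is_safe_url(u, host) != ok]
```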
Vulnerable Product |
---|
opensuse opensuse 13.2 |
fedoraproject fedora 22 |
debian debian linux 7.0 |
djangoproject django 1.5.1 |
djangoproject django 1.5.2 |
djangoproject django 1.5.10 |
djangoproject django 1.5.11 |
djangoproject django 1.6.1 |
djangoproject django 1.6.10 |
djangoproject django 1.6.8 |
djangoproject django 1.6.9 |
djangoproject django 1.7.1 |
djangoproject django 1.7.2 |
djangoproject django 1.5 |
djangoproject django 1.5.7 |
djangoproject django 1.5.8 |
djangoproject django 1.5.9 |
djangoproject django 1.6 |
djangoproject django 1.6.6 |
djangoproject django 1.6.7 |
djangoproject django 1.7 |
djangoproject django 1.8.0 |
djangoproject django |
djangoproject django 1.5.5 |
djangoproject django 1.5.6 |
djangoproject django 1.6.4 |
djangoproject django 1.6.5 |
djangoproject django 1.7.5 |
djangoproject django 1.7.6 |
djangoproject django 1.5.3 |
djangoproject django 1.5.4 |
djangoproject django 1.5.12 |
djangoproject django 1.6.2 |
djangoproject django 1.6.3 |
djangoproject django 1.7.3 |
djangoproject django 1.7.4 |
oracle solaris 11.2 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 14.10 |
canonical ubuntu linux 10.04 |
canonical ubuntu linux 12.04 |