The utils.http.is_safe_url function in Django prior to 1.8.10 and 1.9.x prior to 1.9.3 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by mysite.example.com\@attacker.com.
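Added example (not Django's code and not part of the original page): a redirect-target check in Python that shows how a validator which inspects only a backslash-normalized URL accepts the address quoted above, beside a stricter check that validates the string both as received and normalized and rejects userinfo in the authority. The function names, the exact-host and http/https-only policy, and the sample targets are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_HOST = "mysite.example.com"  # host taken from the advisory's example


def _points_at_host(url: str, allowed_host: str) -> bool:
    """True if url is a relative path or an http(s) URL whose authority is exactly allowed_host."""
    # Browsers strip whitespace and control characters before parsing, so a
    # target containing any of them is rejected instead of guessed at.
    if not url or any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme not in ("", "http", "https"):
        return False
    if not parts.netloc:
        # Relative reference only: no scheme, and not "//host" or "///host".
        return not parts.scheme and not url.startswith("//")
    # Compare the whole authority; "@" means userinfo (basic auth) is present.
    return "@" not in parts.netloc and parts.netloc.lower() == allowed_host.lower()


def weak_is_safe_redirect(url: str, allowed_host: str = ALLOWED_HOST) -> bool:
    """Weak form (assumed for illustration): validates only the backslash-normalized string."""
    return _points_at_host(url.replace("\\", "/"), allowed_host)


def strict_is_safe_redirect(url: str, allowed_host: str = ALLOWED_HOST) -> bool:
    """Hardened form: the raw string and its normalized form must both pass."""
    return (_points_at_host(url, allowed_host)
            and _points_at_host(url.replace("\\", "/"), allowed_host))


# Constructed sample redirect targets; the first is the URL shape quoted in the advisory.
SAMPLES = [
    "http://mysite.example.com\\@attacker.com",
    "http://user:pw@mysite.example.com/",
    "//attacker.com/",
    "/\\attacker.com",
    "/accounts/profile/",
    "https://mysite.example.com/next",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(f"{target!r:45} weak={weak_is_safe_redirect(target)} "
              f"strict={strict_is_safe_redirect(target)}")
```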
Vulnerable Product |
---|
djangoproject django 1.9 |
djangoproject django 1.9.2 |
djangoproject django 1.9.1 |
djangoproject django 1.8.9 |