Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django prior to 1.8.14, 1.9.x prior to 1.9.8, and 1.10.x prior to 1.10rc1 allows remote malicious users to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 8.0 |
||
djangoproject django 1.10 |
||
djangoproject django 1.9.6 |
||
djangoproject django 1.9.0 |
||
djangoproject django 1.9.5 |
||
djangoproject django |
||
djangoproject django 1.9.3 |
||
djangoproject django 1.9.4 |
||
djangoproject django 1.9.7 |
||
djangoproject django 1.9.1 |
||
djangoproject django 1.9 |
||
djangoproject django 1.9.2 |