CVE-2016-6186

Published: 05/08/2016 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django prior to 1.8.14, 1.9.x prior to 1.9.8, and 1.10.x prior to 1.10rc1 allows remote malicious users to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.

Vulnerable Products

debian debian linux 8.0
djangoproject django
djangoproject django 1.9
djangoproject django 1.9.0
djangoproject django 1.9.1
djangoproject django 1.9.2
djangoproject django 1.9.3
djangoproject django 1.9.4
djangoproject django 1.9.5
djangoproject django 1.9.6
djangoproject django 1.9.7
djangoproject django 1.10

Vendor Advisories

Debian Bug report logs - #831799 python-django: CVE-2016-6186: XSS in admin's add/change related popup. Package: src:python-django; Maintainer for src:python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 19 Jul 2016 1 ...
A security issue was fixed in Django ...
A cross-site scripting (XSS) flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related pop-up. Element.textContent is now used to prevent XSS data execution ...

Exploits

Document Title: Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability. References (Source): www.vulnerability-lab.com/get_content.php?id=1869; Security Release: www.djangoproject.com/weblog/2016/jul/18/security-releases/; web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6186 ...
Django version 3.3.0 suffers from a malicious client-side script insertion vulnerability ...