CVE-2020-13596

Published: 03/06/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in Django 2.2 prior to 2.2.13 and 3.0 prior to 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

Vulnerable Product

djangoproject django

fedoraproject fedora 32

canonical ubuntu linux 18.04

canonical ubuntu linux 14.04

canonical ubuntu linux 19.10

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

netapp steelstore cloud integrated storage -

netapp sra plugin -

debian debian linux 9.0

debian debian linux 10.0

oracle zfs storage appliance kit 8.8

Vendor Advisories

Debian Bug report logs - #962323 python-django: CVE-2020-13254 CVE-2020-13596. Package: python-django; Maintainer for python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-django is src:python-django. Reported by: "Chris Lamb" <lamby@debian.org> ...
It was discovered that Django, a high-level Python web development framework, did not properly sanitize input. This would allow a remote attacker to perform SQL injection attacks, Cross-Site Scripting (XSS) attacks, or leak sensitive information. For the oldstable distribution (stretch), these problems have been fixed in version 1:1.10.7-2+deb9u9 ...
Several security issues were fixed in Django ...
Severity Unknown Remote Unknown Type Unknown Description AVG-1176 python-django 306-2 Medium Vulnerable ...

Github Repositories

Mapl-App-NVDs

The following application has different endpoints to retrieve and manage API vulnerabilities from the NATIONAL VULNERABILITIES DATABASE (NVD), NIST. For more information: https://nvd.nist.gov/developers/vulnerabilities

The database used is MongoDB; it could be run on a local machine or in several cloud services. The application is developed in Python using the Fas