CVE-2008-2302: Django Cross-site scripting (XSS) vulnerability
(updated )
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/42396
- github.com/advisories/GHSA-54qj-48vx-cr9f
- github.com/django/django
- github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5
- github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2
- github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml
- nvd.nist.gov/vuln/detail/CVE-2008-2302
- web.archive.org/web/20080725022008/http://secunia.com/advisories/30291
- web.archive.org/web/20081012011038/http://secunia.com/advisories/30250
- web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028
- web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209
Detect and mitigate CVE-2008-2302 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →