CVE-2011-0697: Cross-site scripting in django
(updated )
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
References
- bugzilla.redhat.com/show_bug.cgi?id=676359
- github.com/advisories/GHSA-8m3r-rv5g-fcpq
- github.com/django/django
- github.com/django/django/commit/1966786d2dde73e17f39cf340eb33fcb5d73904e
- github.com/django/django/commit/1f814a9547842dcfabdae09573055984af9d3fab
- github.com/django/django/commit/90be6ca20d607977dec234ec972b77b83955749b
- github.com/django/django/commit/a9cf3d23724ff6918103e86aa863eadd1fab811d
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-11.yaml
- nvd.nist.gov/vuln/detail/CVE-2011-0697
- web.archive.org/web/20110521033259/http://secunia.com/advisories/43230
- web.archive.org/web/20110521033304/http://secunia.com/advisories/43297
- web.archive.org/web/20110521033309/http://secunia.com/advisories/43382
- web.archive.org/web/20110521033314/http://secunia.com/advisories/43426
- web.archive.org/web/20130616104703/http://www.securityfocus.com/bid/46296
Code Behaviors & Features
Detect and mitigate CVE-2011-0697 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →