CVE-2011-0697
Published: 14 February 2011
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
Priority
Status
Package | Release | Status |
---|---|---|
python-django (Launchpad, Ubuntu, Debian) | Upstream | Released (1.1.4, 1.2.5-1) |

Patches:
Upstream: http://code.djangoproject.com/changeset/15470 (trunk)
Upstream: http://code.djangoproject.com/changeset/15471 (1.2)
Upstream: http://code.djangoproject.com/changeset/15472 (1.1)