CVE-2015-2241
Published: 12 March 2015
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
Priority
Status
Package | Release | Status |
---|---|---|
python-django (Launchpad, Ubuntu, Debian) | Upstream | Released (1.7.6-1) |
python-django | Ubuntu 14.04 ESM (Trusty Tahr) | Not vulnerable |

Patches:
Upstream: https://github.com/django/django/commit/2654e1b93923bac55f12b4e66c5e39b16695ace5 (1.7)
Upstream: https://github.com/django/django/commit/35d68e8e766217924375e1a91533fee50159291c (1.8)