exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2020-13596

Status Candidate

Overview

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

Related Files

Debian Security Advisory 4705-1
Posted Jun 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4705-1 - It was discovered that Django, a high-level Python web development framework, did not properly sanitize input. This would allow a remote attacker to perform SQL injection attacks, Cross-Site Scripting (XSS) attacks, or leak sensitive information.

tags | advisory, remote, web, xss, sql injection, python
systems | linux, debian
advisories | CVE-2020-13254, CVE-2020-13596, CVE-2020-9402
SHA-256 | 96e9fef81f25045e7f4233b281f2a1d7cf7dd3dbdc7336b1d810347bcd7b080d
Ubuntu Security Notice USN-4381-2
Posted Jun 4, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4381-2 - USN-4381-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-13254, CVE-2020-13596
SHA-256 | 6d6997c59d71b6a3d4224bd5191cc2032e0a291956e6c4109ab9ccdca617e0c6
Ubuntu Security Notice USN-4381-1
Posted Jun 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4381-1 - Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin ForeignKeyRawIdWidget. A remote attacker could possibly use this issue to perform XSS attacks.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-13254, CVE-2020-13596
SHA-256 | 5a47aadeb9474c5fc5acffb3a2a672de3641279c011265116c9249b2d5b00fc1
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close