| Max CVSS | 5.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-0220 | 4.3 |
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL
|
22-12-2016 - 02:59 | 16-01-2015 - 16:59 | |
| CVE-2015-0222 | 5.0 |
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.
|
22-12-2016 - 02:59 | 16-01-2015 - 16:59 | |
| CVE-2015-0221 | 5.0 |
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.
|
22-12-2016 - 02:59 | 16-01-2015 - 16:59 | |
| CVE-2015-0219 | 5.0 |
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.
|
22-12-2016 - 02:59 | 16-01-2015 - 16:59 | |
| CVE-2015-2241 | 4.3 |
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as d
|
03-12-2016 - 03:04 | 12-03-2015 - 14:59 |