Arch Linux Security Advisory ASA-201503-7
========================================

Severity: Medium
Date    : 2015-03-11
CVE-ID  : CVE-2015-2241
Package : python2-django python-django
Type    : Cross-Site-Scripting
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The packages python2-django and python-django before version 1.7.6-1 are
vulnerable to cross-site scripting.

Resolution
==========

Upgrade to 1.7.6-1.

# pacman -Syu "python2-django>=1.7.6-1"
# pacman -Syu "python-django>=1.7.6-1"

Workaround
==========

None.

Description
===========

XSS attack via properties in ModelAdmin.readonly_fields: the admin change form
rendered the value of a model property listed in readonly_fields without
HTML-escaping it, so untrusted data returned by such a property reached the
page as markup.

Impact
======

A remote attacker is able to change content or to craft a specific phishing
website.

References
==========

https://www.djangoproject.com/weblog/2015/mar/09/security-releases/
https://security-tracker.debian.org/tracker/CVE-2015-2241
https://bugs.archlinux.org/task/44122
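The rendering difference behind this advisory, as an added illustration that is not part of the advisory and not Django's own code: a simplified stand-in for the admin's readonly-field helper, with the pre-fix behaviour (property output inserted as-is) beside the fixed behaviour (escape unless the developer marked the value safe). The Comment model, SafeString marker and the helper names are constructed for this example.

```python
import html
from dataclasses import dataclass


# Constructed stand-in for a model whose admin lists a property in
# ModelAdmin.readonly_fields. The property echoes user-submitted data.
@dataclass
class Comment:
    body: str  # untrusted text supplied by a site visitor

    @property
    def summary(self):  # imagine this name in readonly_fields
        return self.body[:60]


class SafeString(str):
    """Marker for markup the developer already escaped (stand-in for Django's SafeText)."""


def conditional_escape(value):
    # Escape unless the value was explicitly marked safe.
    if isinstance(value, SafeString):
        return str(value)
    return html.escape(str(value), quote=True)


def readonly_contents_vulnerable(obj, attr):
    # Pre-1.7.6 pattern: real model fields were escaped elsewhere, but the
    # return value of a property or callable was used verbatim.
    return str(getattr(obj, attr))


def readonly_contents_fixed(obj, attr):
    # Fixed pattern: property/callable results go through conditional escaping.
    return conditional_escape(getattr(obj, attr))


def render_row(obj, attr, contents_fn):
    # Minimal model of one readonly row on the admin change form.
    return '<div class="readonly">%s</div>' % contents_fn(obj, attr)


if __name__ == "__main__":
    # Constructed sample input: a comment body that contains markup.
    c = Comment(body="<em>pending</em> review")
    print(render_row(c, "summary", readonly_contents_vulnerable))
    print(render_row(c, "summary", readonly_contents_fixed))
```

The check a defender wants is the second line of output: the tag must appear as `&lt;em&gt;`, not as a live element.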