Arch Linux 2015-03-11 Medium: Python-Django Cross-Site Scripting
Mar 11, 2015
•
LinuxSecurity Advisories
1 min read
Topics Covered
The packages python2-django and python-django before version 1.7.6-1 are vulnerable to cross-site-scripting.
Arch Linux Security Advisory ASA-201503-7 ======================================== Severity: Medium Date : 2015-03-11 CVE-ID : CVE-2015-2241 Package : python2-django python-django Type : Cross-Site-Scripting Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The packages python2-django and python-django before version 1.7.6-1 are vulnerable to cross-site-scripting. Resolution ========= Upgrade to 1.7.6-1. # pacman -Syu "python2-django>=1.7.6.-1" # pacman -Syu "python-django>=1.7.6-1" Workaround ========= None. Description ========== XSS attack via properties in ModelAdmin.readonly_fields Impact ===== A remote attacker is able to change content or to craft a specific phishing website. References ========= https://www.djangoproject.com/weblog/2015/mar/09/security-releases/ https://security-tracker.debian.org/tracker/CVE-2015-2241 https://bugs.archlinux.org/task/44122
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!