6.1
CVE-2016-6186
- EPSS 5.54%
- Veröffentlicht 05.08.2016 15:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
Djangoproject ≫ Django Version <= 1.8.13
Djangoproject ≫ Django Version1.9
Djangoproject ≫ Django Version1.9.0 Updaterc1
Djangoproject ≫ Django Version1.9.1
Djangoproject ≫ Django Version1.9.2
Djangoproject ≫ Django Version1.9.3
Djangoproject ≫ Django Version1.9.4
Djangoproject ≫ Django Version1.9.5
Djangoproject ≫ Django Version1.9.6
Djangoproject ≫ Django Version1.9.7
Djangoproject ≫ Django Version1.10 Updatealpha1
Djangoproject ≫ Django Version1.10 Updatebeta1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.54% | 0.918 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
http://rhn.redhat.com/errata/RHSA-2016-1594.html
http://rhn.redhat.com/errata/RHSA-2016-1595.html
http://rhn.redhat.com/errata/RHSA-2016-1596.html
http://seclists.org/fulldisclosure/2016/Jul/53
http://www.debian.org/security/2016/dsa-3622
http://www.securityfocus.com/archive/1/538947/100/0/threaded
http://www.securityfocus.com/bid/92058
http://www.securitytracker.com/id/1036338
http://www.ubuntu.com/usn/USN-3039-1
http://www.vulnerability-lab.com/get_content.php?id=1869
https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/
https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
https://www.exploit-db.com/exploits/40129/