- EPSS 0.55%
- Veröffentlicht 10.01.2011 20:00:16
- Zuletzt bearbeitet 29.04.2026 01:13:23
The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated use...
- EPSS 4.75%
- Veröffentlicht 10.01.2011 20:00:16
- Zuletzt bearbeitet 29.04.2026 01:13:23
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial ...
CVE-2010-3082
- EPSS 0.41%
- Veröffentlicht 14.09.2010 19:00:02
- Zuletzt bearbeitet 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.
- EPSS 6.2%
- Veröffentlicht 13.10.2009 10:30:00
- Zuletzt bearbeitet 23.04.2026 00:35:47
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that t...
CVE-2008-3909
- EPSS 0.38%
- Veröffentlicht 04.09.2008 17:41:00
- Zuletzt bearbeitet 16.04.2026 21:11:39
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and ...