Launchpad.net

CVE 2008-2302

Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.

Related bugs and status

CVE-2008-2302 (Candidate) is related to these bugs:

Bug #234631: security vulnerability in django admin

		In	Importance	Status
234631	security vulnerability in django admin	python-django (Ubuntu)	Medium	Fix Released
234631	security vulnerability in django admin	python-django (Ubuntu Feisty)	Undecided	Fix Released
234631	security vulnerability in django admin	python-django (Ubuntu Intrepid)	Medium	Fix Released
234631	security vulnerability in django admin	python-django (Ubuntu Hardy)	Undecided	Fix Released
234631	security vulnerability in django admin	python-django (Ubuntu Gutsy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.djangoproje...
BID: 29209
SECTRACK: 1020028
SECUNIA: 30250
SECUNIA: 30291
VUPEN: ADV-2008-1618
XF: django-loginform-xss(4...