{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-14T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30250", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30250"}, {"name": "1020028", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1020028"}, {"name": "django-loginform-xss(42396)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42396"}, {"name": "30291", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30291"}, {"name": "29209", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29209"}, {"name": "ADV-2008-1618", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1618"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.djangoproject.com/weblog/2008/may/14/security/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2302", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30250", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30250"}, {"name": "1020028", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020028"}, {"name": "django-loginform-xss(42396)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42396"}, {"name": "30291", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30291"}, {"name": "29209", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29209"}, {"name": "ADV-2008-1618", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1618"}, {"name": "http://www.djangoproject.com/weblog/2008/may/14/security/", "refsource": "CONFIRM", "url": "http://www.djangoproject.com/weblog/2008/may/14/security/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:58:01.250Z"}, "title": "CVE Program Container", "references": [{"name": "30250", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30250"}, {"name": "1020028", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1020028"}, {"name": "django-loginform-xss(42396)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42396"}, {"name": "30291", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30291"}, {"name": "29209", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29209"}, {"name": "ADV-2008-1618", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1618"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.djangoproject.com/weblog/2008/may/14/security/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2302", "datePublished": "2008-05-23T15:00:00", "dateReserved": "2008-05-18T00:00:00", "dateUpdated": "2024-08-07T08:58:01.250Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:django_project:django:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "B1CE5394-8883-47DB-9214-CCDD05811179", "vulnerable": true}, {"criteria": "cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "1D617048-648D-4EA1-A779-F6B157AB641E", "vulnerable": true}, {"criteria": "cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "3F54F75F-B2BC-4A44-B93B-DB75856BEC45", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en el formulario de login en la aplicaci\u00f3n de administraci\u00f3n en Django 0.91 anteriores a 0.91.2, 0.95 anteriores a 0.95.3 y 0.96 anteriores a 0.96.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de la URI de ciertas peticiones previas."}], "id": "CVE-2008-2302", "lastModified": "2017-08-08T01:30:55.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-05-23T15:32:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/30250"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30291"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020028"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.djangoproject.com/weblog/2008/may/14/security/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/29209"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1618"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42396"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Django: administration application XSS", "id": "446402", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446402"}, "csaw": false, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request."], "name": "CVE-2008-2302", "public_date": "2008-05-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-2302\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-2302"], "threat_severity": "Moderate"}