Description

Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.

Remediation

References

CVE-2011-0697

Related Vulnerabilities

WordPress Plugin Cooked-Recipe Cross-Site Scripting (1.7.9)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3667)

Magento Cleartext Storage of Sensitive Information Vulnerability (CVE-2019-8118)

WordPress Plugin MAZ Loader-Preloader Builder for WordPress SQL Injection (1.3.2)

Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.24)

Severity

Medium

Classification

CVE-2011-0697 CWE-707

Tags

Missing Update Known Vulnerabilities