Description
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.
Remediation
References
Related Vulnerabilities
e107 Other Vulnerability (CVE-2005-2805)
WebLogic CVE-2020-14652 Vulnerability (CVE-2020-14652)
WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.33)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0304)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3724)