Description
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.
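The missing check described above, shown as an added example (not Django's code and not part of the original advisory): a redirect helper that passes any target straight into the `Location` header, next to one that enforces a scheme allowlist. The function names, the `UnsafeRedirect` exception, the allowlist contents and the sample targets are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Assumption: the schemes this application is willing to redirect to.
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp"})

# Constructed sample targets (benign payloads).
DATA_TARGET = "data:text/html,<b>constructed</b>"
RELATIVE_TARGET = "/accounts/profile/"


class UnsafeRedirect(ValueError):
    """Raised when a redirect target fails validation."""


def validate_redirect_target(target, allowed=ALLOWED_SCHEMES):
    """Return the trimmed target if its scheme is allowed, else raise."""
    # Fail closed on control characters: browsers drop tab/CR/LF inside a
    # URL, so "java\tscript:" would otherwise parse as having no scheme.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        raise UnsafeRedirect("control character in redirect target")
    cleaned = target.strip()
    scheme = urlparse(cleaned).scheme.lower()
    # An empty scheme means a relative URL, which stays on this origin's scheme.
    if scheme and scheme not in allowed:
        raise UnsafeRedirect("scheme %r is not allowed for redirects" % scheme)
    return cleaned


def redirect_unchecked(target):
    """Behaviour the description reports: no scheme validation at all."""
    return {"status": 302, "Location": target}


def redirect_checked(target):
    """Same response, but only after the scheme allowlist check passes."""
    return {"status": 302, "Location": validate_redirect_target(target)}


if __name__ == "__main__":
    for candidate in (RELATIVE_TARGET, "HTTPS://example.com/x", DATA_TARGET):
        try:
            print("allowed:", redirect_checked(candidate)["Location"])
        except UnsafeRedirect as exc:
            print("rejected:", candidate, "->", exc)
```

The check covers the scheme only; deciding which hosts a redirect may point to is a separate validation step.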
Remediation
References