Description
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.