Monday, October 18, 2010

Django: cross-site scripting (XSS) vulnerability

Users of Django please be advised of a cross-site scripting (XSS) vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
USN-1004-1: [USN-1004-1] Django vulnerability
Details follow:



It was discovered that Django did not properly sanitize the cookie value

when applying CSRF protections resulting in a cross-site scripting (XSS)

vulnerability. With cross-site scripting vulnerabilities, if a user were

tricked into viewing server output during a crafted server request, a

remote attacker could exploit this to modify the contents, or steal

confidential data, within the same domain.
Read more at www.criticalwatch.com
 

No comments:

Post a Comment