[3.5] py-django: XSS in admin's add/change related popup (CVE-2016-6186)ID: oval:org.secpod.oval:def:1800065 | Date: (C)2018-03-28 (M)2023-11-10 |
Class: PATCH | Family: unix |
Unsafe usage of JavaScript"s Element.innerHTML could result in XSS in the admin"s add/change related popup. Element.textContent is now used to prevent execution of the data. The debug view also used innerHTML. Although a security issue wasn"t identified there, out of an abundance of caution it"s also updated to use textContent. Fixed In Version django 1.9.8, django 1.8.14
Platform: |
Alpine Linux 3.5 |