USN-1066-1 -- python-django vulnerabilitiesID: oval:org.secpod.oval:def:700236 | Date: (C)2011-02-21 (M)2021-09-12 |
Class: PATCH | Family: unix |
It was discovered that Django did not properly validate HTTP requests that contain an X-Requested-With header. An attacker could exploit this vulnerability to perform cross-site request forgery attacks. It was discovered that Django did not properly sanitize its input when performing file uploads, resulting in cross-site scripting vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain
Platform: |
Ubuntu 10.10 |
Ubuntu 9.10 |
Ubuntu 10.04 |