Multiple vulnerabilities has been discovered and corrected in python-django: The django.http.HttpResponseRedirect and django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting attacks via a data: URL . The django.forms.ImageField class in the ...