CVE-2008-2302

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2008-2302

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2008-2302.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2008-2302

Aliases

GHSA-54qj-48vx-cr9f
PYSEC-2008-1

Downstream

DEBIAN-CVE-2008-2302

Published

2008-05-23T15:32:00Z

Modified

2025-08-09T19:01:26Z

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.

References

http://secunia.com/advisories/30250
http://secunia.com/advisories/30291
http://www.vupen.com/english/advisories/2008/1618
http://www.djangoproject.com/weblog/2008/may/14/security/
http://www.securityfocus.com/bid/29209
http://securitytracker.com/id?1020028
https://exchange.xforce.ibmcloud.com/vulnerabilities/42396

CVE-2008-2302

Affected packages