PYSEC-2011-11

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2011-11.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2011-11
Aliases
Published
2011-02-14T21:00:00Z
Modified
2023-11-08T03:56:58.416535Z
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.

References

Affected packages

PyPI / django

Package

Name
django
View open source insights on deps.dev
Purl
pkg:pypi/django

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.1
Fixed
1.1.4
Introduced
1.2
Fixed
1.2.5

Affected versions

1.*

1.1
1.1.1
1.1.2
1.1.3
1.2
1.2.1
1.2.2
1.2.3
1.2.4

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2011-11.yaml"