Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-38ru-zk6a-4yhw

Summary Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.

Aliases

alias	CVE-2008-2302

alias	GHSA-54qj-48vx-cr9f

alias	PYSEC-2008-1

Fixed_packages

url	pkg:deb/debian/python-django@0.96.2-1?distro=trixie
purl	pkg:deb/debian/python-django@0.96.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@0.96.2-1%3Fdistro=trixie

url pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

purl pkg:deb/debian/python-django@2:2.2.28-1~deb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3ccr-92q5-aqfk

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-92z2-3rbz-77h9

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-dac4-fa2z-bkdq

vulnerability	VCID-g22z-jue5-8udz

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-q4cv-2m7d-3qd5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@2:2.2.28-1~deb11u2%3Fdistro=trixie

url pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/python-django@3:3.2.25-0%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3ccr-92q5-aqfk

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-92z2-3rbz-77h9

vulnerability	VCID-ape9-66ck-nfez

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-dac4-fa2z-bkdq

vulnerability	VCID-g22z-jue5-8udz

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

vulnerability	VCID-jt9m-kd3k-uqca

vulnerability	VCID-q4cv-2m7d-3qd5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:3.2.25-0%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.28-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-32d1-b8f2-hud5

vulnerability	VCID-3ccr-92q5-aqfk

vulnerability	VCID-63c7-mkxw-ufav

vulnerability	VCID-92z2-3rbz-77h9

vulnerability	VCID-cg44-thdw-cygg

vulnerability	VCID-dac4-fa2z-bkdq

vulnerability	VCID-g22z-jue5-8udz

vulnerability	VCID-heum-8mwz-sbcw

vulnerability	VCID-j2uz-w2ur-7ud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.28-0%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie

purl pkg:deb/debian/python-django@3:4.2.30-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ccr-92q5-aqfk

vulnerability	VCID-92z2-3rbz-77h9

vulnerability	VCID-g22z-jue5-8udz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:4.2.30-1%3Fdistro=trixie

url	pkg:deb/debian/python-django@3:5.2.14-2?distro=trixie
purl	pkg:deb/debian/python-django@3:5.2.14-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-django@3:5.2.14-2%3Fdistro=trixie

url pkg:pypi/django@1.1

purl pkg:pypi/django@1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23af-7vv6-uqf7

vulnerability	VCID-2bh9-k4at-r7hz

vulnerability	VCID-697r-xhy8-efa5

vulnerability	VCID-6p2m-vyft-xfe8

vulnerability	VCID-9bkv-g3r4-u7h7

vulnerability	VCID-9hjx-7bxr-aufc

vulnerability	VCID-a799-3q3k-1bc2

vulnerability	VCID-arff-yjfe-auhp

vulnerability	VCID-azdn-r9pz-pqd4

vulnerability	VCID-bnm5-r2rs-zyeb

vulnerability	VCID-cbg1-8tp8-7ube

vulnerability	VCID-dg8e-gz93-1fhc

vulnerability	VCID-fkch-835a-4ffd

vulnerability	VCID-fynq-usj6-rfd3

vulnerability	VCID-gky3-h8cp-mue9

vulnerability	VCID-gzrn-p744-g7f2

vulnerability	VCID-h5pj-9gmh-tkcb

vulnerability	VCID-hzcv-euwq-eqeg

vulnerability	VCID-j2fb-pq89-uybu

vulnerability	VCID-kwap-s8k7-p3hf

vulnerability	VCID-n46a-2jfy-pyfc

vulnerability	VCID-n9xn-xrqw-qbfk

vulnerability	VCID-nh19-fbce-wbfu

vulnerability	VCID-q7z8-kjb5-23ay

vulnerability	VCID-qd1m-q2wz-3bfd

vulnerability	VCID-s4vz-wfcp-aygd

vulnerability	VCID-syfk-mahm-g7gg

vulnerability	VCID-tmuf-twr9-sfgq

vulnerability	VCID-ty5v-6ub3-fufy

vulnerability	VCID-vp74-84r9-2ufs

vulnerability	VCID-vpja-nq3w-tka6

vulnerability	VCID-vqne-j65s-s7gx

vulnerability	VCID-x129-emvy-mqfy

vulnerability	VCID-x6ks-p9qc-z7eb

vulnerability	VCID-xpsj-hx41-nub8

vulnerability	VCID-y1ks-arp8-23hm

vulnerability	VCID-y2nn-vgsc-f3er

vulnerability	VCID-y49z-u736-qfc1

vulnerability	VCID-zuca-q98m-w7bk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.1

Affected_packages

url pkg:pypi/django@0.91

purl pkg:pypi/django@0.91

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38ru-zk6a-4yhw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@0.91

url pkg:pypi/django@0.95

purl pkg:pypi/django@0.95

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u3s-4vc4-b7bc

vulnerability	VCID-38ru-zk6a-4yhw

vulnerability	VCID-r5pk-kcbc-ybhf

vulnerability	VCID-wpm9-7bed-4yd7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@0.95

url pkg:pypi/django@0.96

purl pkg:pypi/django@0.96

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-38ru-zk6a-4yhw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@0.96

url pkg:pypi/django@1.0.1

purl pkg:pypi/django@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23af-7vv6-uqf7

vulnerability	VCID-2bh9-k4at-r7hz

vulnerability	VCID-38ru-zk6a-4yhw

vulnerability	VCID-3nx5-xhp1-6qaq

vulnerability	VCID-697r-xhy8-efa5

vulnerability	VCID-6p2m-vyft-xfe8

vulnerability	VCID-9bkv-g3r4-u7h7

vulnerability	VCID-9hjx-7bxr-aufc

vulnerability	VCID-a799-3q3k-1bc2

vulnerability	VCID-arff-yjfe-auhp

vulnerability	VCID-azdn-r9pz-pqd4

vulnerability	VCID-bnm5-r2rs-zyeb

vulnerability	VCID-cbg1-8tp8-7ube

vulnerability	VCID-dg8e-gz93-1fhc

vulnerability	VCID-fkch-835a-4ffd

vulnerability	VCID-fynq-usj6-rfd3

vulnerability	VCID-gky3-h8cp-mue9

vulnerability	VCID-gzrn-p744-g7f2

vulnerability	VCID-hzcv-euwq-eqeg

vulnerability	VCID-kwap-s8k7-p3hf

vulnerability	VCID-n46a-2jfy-pyfc

vulnerability	VCID-n9xn-xrqw-qbfk

vulnerability	VCID-nh19-fbce-wbfu

vulnerability	VCID-q7z8-kjb5-23ay

vulnerability	VCID-qd1m-q2wz-3bfd

vulnerability	VCID-r5pk-kcbc-ybhf

vulnerability	VCID-s4vz-wfcp-aygd

vulnerability	VCID-syfk-mahm-g7gg

vulnerability	VCID-tmuf-twr9-sfgq

vulnerability	VCID-ty5v-6ub3-fufy

vulnerability	VCID-vp74-84r9-2ufs

vulnerability	VCID-vpja-nq3w-tka6

vulnerability	VCID-wmx1-d3pj-cfcw

vulnerability	VCID-x129-emvy-mqfy

vulnerability	VCID-x6ks-p9qc-z7eb

vulnerability	VCID-xpsj-hx41-nub8

vulnerability	VCID-y1ks-arp8-23hm

vulnerability	VCID-y2nn-vgsc-f3er

vulnerability	VCID-y49z-u736-qfc1

vulnerability	VCID-zuca-q98m-w7bk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0.1

url pkg:pypi/django@1.0.2

purl pkg:pypi/django@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23af-7vv6-uqf7

vulnerability	VCID-2bh9-k4at-r7hz

vulnerability	VCID-38ru-zk6a-4yhw

vulnerability	VCID-3nx5-xhp1-6qaq

vulnerability	VCID-697r-xhy8-efa5

vulnerability	VCID-6p2m-vyft-xfe8

vulnerability	VCID-9bkv-g3r4-u7h7

vulnerability	VCID-9hjx-7bxr-aufc

vulnerability	VCID-a799-3q3k-1bc2

vulnerability	VCID-arff-yjfe-auhp

vulnerability	VCID-azdn-r9pz-pqd4

vulnerability	VCID-bnm5-r2rs-zyeb

vulnerability	VCID-cbg1-8tp8-7ube

vulnerability	VCID-dg8e-gz93-1fhc

vulnerability	VCID-fkch-835a-4ffd

vulnerability	VCID-fynq-usj6-rfd3

vulnerability	VCID-gky3-h8cp-mue9

vulnerability	VCID-gzrn-p744-g7f2

vulnerability	VCID-hzcv-euwq-eqeg

vulnerability	VCID-kwap-s8k7-p3hf

vulnerability	VCID-n46a-2jfy-pyfc

vulnerability	VCID-n9xn-xrqw-qbfk

vulnerability	VCID-nh19-fbce-wbfu

vulnerability	VCID-q7z8-kjb5-23ay

vulnerability	VCID-qd1m-q2wz-3bfd

vulnerability	VCID-r5pk-kcbc-ybhf

vulnerability	VCID-s4vz-wfcp-aygd

vulnerability	VCID-syfk-mahm-g7gg

vulnerability	VCID-tmuf-twr9-sfgq

vulnerability	VCID-ty5v-6ub3-fufy

vulnerability	VCID-vp74-84r9-2ufs

vulnerability	VCID-vpja-nq3w-tka6

vulnerability	VCID-wmx1-d3pj-cfcw

vulnerability	VCID-x129-emvy-mqfy

vulnerability	VCID-x6ks-p9qc-z7eb

vulnerability	VCID-xpsj-hx41-nub8

vulnerability	VCID-y1ks-arp8-23hm

vulnerability	VCID-y2nn-vgsc-f3er

vulnerability	VCID-y49z-u736-qfc1

vulnerability	VCID-zuca-q98m-w7bk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0.2

url pkg:pypi/django@1.0.3

purl pkg:pypi/django@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23af-7vv6-uqf7

vulnerability	VCID-2bh9-k4at-r7hz

vulnerability	VCID-38ru-zk6a-4yhw

vulnerability	VCID-3nx5-xhp1-6qaq

vulnerability	VCID-697r-xhy8-efa5

vulnerability	VCID-6p2m-vyft-xfe8

vulnerability	VCID-9bkv-g3r4-u7h7

vulnerability	VCID-9hjx-7bxr-aufc

vulnerability	VCID-a799-3q3k-1bc2

vulnerability	VCID-arff-yjfe-auhp

vulnerability	VCID-azdn-r9pz-pqd4

vulnerability	VCID-bnm5-r2rs-zyeb

vulnerability	VCID-cbg1-8tp8-7ube

vulnerability	VCID-dg8e-gz93-1fhc

vulnerability	VCID-fkch-835a-4ffd

vulnerability	VCID-fynq-usj6-rfd3

vulnerability	VCID-gky3-h8cp-mue9

vulnerability	VCID-gzrn-p744-g7f2

vulnerability	VCID-hzcv-euwq-eqeg

vulnerability	VCID-kwap-s8k7-p3hf

vulnerability	VCID-n46a-2jfy-pyfc

vulnerability	VCID-n9xn-xrqw-qbfk

vulnerability	VCID-nh19-fbce-wbfu

vulnerability	VCID-q7z8-kjb5-23ay

vulnerability	VCID-qd1m-q2wz-3bfd

vulnerability	VCID-r5pk-kcbc-ybhf

vulnerability	VCID-s4vz-wfcp-aygd

vulnerability	VCID-syfk-mahm-g7gg

vulnerability	VCID-tmuf-twr9-sfgq

vulnerability	VCID-ty5v-6ub3-fufy

vulnerability	VCID-vp74-84r9-2ufs

vulnerability	VCID-vpja-nq3w-tka6

vulnerability	VCID-wmx1-d3pj-cfcw

vulnerability	VCID-x129-emvy-mqfy

vulnerability	VCID-x6ks-p9qc-z7eb

vulnerability	VCID-xpsj-hx41-nub8

vulnerability	VCID-y1ks-arp8-23hm

vulnerability	VCID-y2nn-vgsc-f3er

vulnerability	VCID-y49z-u736-qfc1

vulnerability	VCID-zuca-q98m-w7bk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0.3

url pkg:pypi/django@1.0.4

purl pkg:pypi/django@1.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23af-7vv6-uqf7

vulnerability	VCID-2bh9-k4at-r7hz

vulnerability	VCID-38ru-zk6a-4yhw

vulnerability	VCID-3nx5-xhp1-6qaq

vulnerability	VCID-697r-xhy8-efa5

vulnerability	VCID-6p2m-vyft-xfe8

vulnerability	VCID-9bkv-g3r4-u7h7

vulnerability	VCID-9hjx-7bxr-aufc

vulnerability	VCID-a799-3q3k-1bc2

vulnerability	VCID-arff-yjfe-auhp

vulnerability	VCID-azdn-r9pz-pqd4

vulnerability	VCID-bnm5-r2rs-zyeb

vulnerability	VCID-cbg1-8tp8-7ube

vulnerability	VCID-dg8e-gz93-1fhc

vulnerability	VCID-fkch-835a-4ffd

vulnerability	VCID-fynq-usj6-rfd3

vulnerability	VCID-gky3-h8cp-mue9

vulnerability	VCID-gzrn-p744-g7f2

vulnerability	VCID-hzcv-euwq-eqeg

vulnerability	VCID-kwap-s8k7-p3hf

vulnerability	VCID-n46a-2jfy-pyfc

vulnerability	VCID-n9xn-xrqw-qbfk

vulnerability	VCID-nh19-fbce-wbfu

vulnerability	VCID-q7z8-kjb5-23ay

vulnerability	VCID-qd1m-q2wz-3bfd

vulnerability	VCID-r5pk-kcbc-ybhf

vulnerability	VCID-s4vz-wfcp-aygd

vulnerability	VCID-syfk-mahm-g7gg

vulnerability	VCID-tmuf-twr9-sfgq

vulnerability	VCID-ty5v-6ub3-fufy

vulnerability	VCID-vp74-84r9-2ufs

vulnerability	VCID-vpja-nq3w-tka6

vulnerability	VCID-wmx1-d3pj-cfcw

vulnerability	VCID-x129-emvy-mqfy

vulnerability	VCID-x6ks-p9qc-z7eb

vulnerability	VCID-xpsj-hx41-nub8

vulnerability	VCID-y2nn-vgsc-f3er

vulnerability	VCID-y49z-u736-qfc1

vulnerability	VCID-zuca-q98m-w7bk

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.0.4

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-2302

reference_id

reference_type

scores

value	0.00441
scoring_system	epss
scoring_elements	0.63489
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-2302

reference_url	http://secunia.com/advisories/30250
reference_id
reference_type
scores
url	http://secunia.com/advisories/30250

reference_url	http://secunia.com/advisories/30291
reference_id
reference_type
scores
url	http://secunia.com/advisories/30291

reference_url	http://securitytracker.com/id?1020028
reference_id
reference_type
scores
url	http://securitytracker.com/id?1020028

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/42396

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/42396

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5

reference_url

https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2

reference_url

https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml

reference_url

https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291

reference_url

https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250

reference_url

https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028

reference_url

https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209

reference_url

http://www.djangoproject.com/weblog/2008/may/14/security

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.djangoproject.com/weblog/2008/may/14/security

reference_url	http://www.djangoproject.com/weblog/2008/may/14/security/
reference_id
reference_type
scores
url	http://www.djangoproject.com/weblog/2008/may/14/security/

reference_url	http://www.securityfocus.com/bid/29209
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/29209

reference_url	http://www.vupen.com/english/advisories/2008/1618
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/1618

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481164
reference_id	481164
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481164

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-2302

reference_id

CVE-2008-2302

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-2302

reference_url

https://github.com/advisories/GHSA-54qj-48vx-cr9f

reference_id

GHSA-54qj-48vx-cr9f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-54qj-48vx-cr9f

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-38ru-zk6a-4yhw

Vulnerability Instance