Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-tzau-6ftq-qfh8
Summary
Security researcher Masato Kinugawa discovered that if a web
page is missing character set encoding information it can inherit character
encodings across navigations into another domain from an earlier site. Only
same-origin inheritance is allowed according to the HTML5 specification. This
issue allows an attacker to add content that will be interpreted one way on the
victim site, but which may then behave differently, evading cross-site scripting
(XSS) filtering, when forced into an unexpected character set. Web site authors
should always explicitly declare a character encoding to avoid similar issues.
In general these flaws cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts.
Aliases
0
alias CVE-2013-5612
Fixed_packages
0
url pkg:mozilla/Firefox@26.0.0
purl pkg:mozilla/Firefox@26.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@26.0.0
1
url pkg:mozilla/Seamonkey@2.23.0
purl pkg:mozilla/Seamonkey@2.23.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.23.0
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612
reference_id CVE-2013-5612
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2013-106
reference_id mfsa2013-106
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2013-106
Weaknesses
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-tzau-6ftq-qfh8