{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34822?format=json","vulnerability_id":"VCID-wfas-jszp-k7dz","summary":"Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField.","aliases":[{"alias":"CVE-2013-4249"},{"alias":"PYSEC-2013-19"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7644?format=json","purl":"pkg:pypi/django@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kza-a88p-kfg7"},{"vulnerability":"VCID-3sg7-t77d-rkc6"},{"vulnerability":"VCID-5vmb-d4xp-zfgy"},{"vulnerability":"VCID-6wah-r8vr-5qc4"},{"vulnerability":"VCID-71t1-69yq-c7h6"},{"vulnerability":"VCID-7rz2-nqdn-hycc"},{"vulnerability":"VCID-8gus-er59-1qak"},{"vulnerability":"VCID-8v2c-7739-2ugp"},{"vulnerability":"VCID-912q-3eks-4yfm"},{"vulnerability":"VCID-9bqp-b6rw-mye7"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-bahz-gfxv-e3b2"},{"vulnerability":"VCID-dh12-js4b-h7fw"},{"vulnerability":"VCID-ffsr-th58-p3ct"},{"vulnerability":"VCID-g2z3-2h8p-c7ge"},{"vulnerability":"VCID-jfya-694v-myar"},{"vulnerability":"VCID-ksh8-pazn-dbca"},{"vulnerability":"VCID-mccp-khb9-qkb7"},{"vulnerability":"VCID-ps24-pjj4-uqd1"},{"vulnerability":"VCID-r7tk-79xy-jkhj"},{"vulnerability":"VCID-rq19-9v21-47dy"},{"vulnerability":"VCID-rxxr-sseq-k7a9"},{"vulnerability":"VCID-ta66-7qrm-sbhu"},{"vulnerability":"VCID-u4a7-uvcb-9kf8"},{"vulnerability":"VCID-u6sd-648r-qbdb"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-weqb-fxu4-17e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7642?format=json","purl":"pkg:pypi/django@1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kza-a88p-kfg7"},{"vulnerability":"VCID-3sg7-t77d-rkc6"},{"vulnerability":"VCID-5vmb-d4xp-zfgy"},{"vulnerability":"VCID-6wah-r8vr-5qc4"},{"vulnerability":"VCID-71t1-69yq-c7h6"},{"vulnerability":"VCID-7rz2-nqdn-hycc"},{"vulnerability":"VCID-8gus-er59-1qak"},{"vulnerability":"VCID-8v2c-7739-2ugp"},{"vulnerability":"VCID-912q-3eks-4yfm"},{"vulnerability":"VCID-9bqp-b6rw-mye7"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-bahz-gfxv-e3b2"},{"vulnerability":"VCID-dh12-js4b-h7fw"},{"vulnerability":"VCID-ffsr-th58-p3ct"},{"vulnerability":"VCID-g2z3-2h8p-c7ge"},{"vulnerability":"VCID-jfya-694v-myar"},{"vulnerability":"VCID-ksh8-pazn-dbca"},{"vulnerability":"VCID-mccp-khb9-qkb7"},{"vulnerability":"VCID-ps24-pjj4-uqd1"},{"vulnerability":"VCID-r78b-88d6-m3f2"},{"vulnerability":"VCID-r7tk-79xy-jkhj"},{"vulnerability":"VCID-rq19-9v21-47dy"},{"vulnerability":"VCID-rtjn-qccc-8kc7"},{"vulnerability":"VCID-rxxr-sseq-k7a9"},{"vulnerability":"VCID-ta66-7qrm-sbhu"},{"vulnerability":"VCID-u4a7-uvcb-9kf8"},{"vulnerability":"VCID-u6sd-648r-qbdb"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-weqb-fxu4-17e7"},{"vulnerability":"VCID-wfas-jszp-k7dz"},{"vulnerability":"VCID-x212-mskt-9bbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/7643?format=json","purl":"pkg:pypi/django@1.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kza-a88p-kfg7"},{"vulnerability":"VCID-3sg7-t77d-rkc6"},{"vulnerability":"VCID-5vmb-d4xp-zfgy"},{"vulnerability":"VCID-6wah-r8vr-5qc4"},{"vulnerability":"VCID-71t1-69yq-c7h6"},{"vulnerability":"VCID-7rz2-nqdn-hycc"},{"vulnerability":"VCID-8gus-er59-1qak"},{"vulnerability":"VCID-8v2c-7739-2ugp"},{"vulnerability":"VCID-912q-3eks-4yfm"},{"vulnerability":"VCID-9bqp-b6rw-mye7"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-bahz-gfxv-e3b2"},{"vulnerability":"VCID-dh12-js4b-h7fw"},{"vulnerability":"VCID-ffsr-th58-p3ct"},{"vulnerability":"VCID-g2z3-2h8p-c7ge"},{"vulnerability":"VCID-jfya-694v-myar"},{"vulnerability":"VCID-ksh8-pazn-dbca"},{"vulnerability":"VCID-mccp-khb9-qkb7"},{"vulnerability":"VCID-ps24-pjj4-uqd1"},{"vulnerability":"VCID-r7tk-79xy-jkhj"},{"vulnerability":"VCID-rq19-9v21-47dy"},{"vulnerability":"VCID-rxxr-sseq-k7a9"},{"vulnerability":"VCID-ta66-7qrm-sbhu"},{"vulnerability":"VCID-u4a7-uvcb-9kf8"},{"vulnerability":"VCID-u6sd-648r-qbdb"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-weqb-fxu4-17e7"},{"vulnerability":"VCID-wfas-jszp-k7dz"},{"vulnerability":"VCID-x212-mskt-9bbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.1"}],"references":[{"reference_url":"http://seclists.org/oss-sec/2013/q3/369","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/369"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/411","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/411"},{"reference_url":"http://secunia.com/advisories/54476","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/54476"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86438","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86438"},{"reference_url":"https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78"},{"reference_url":"https://github.com/django/django/commit/cbe6d5568f4f5053ed7228ca3c3d0cce77cf9560","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/cbe6d5568f4f5053ed7228ca3c3d0cce77cf9560"},{"reference_url":"https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued"},{"reference_url":"http://www.securitytracker.com/id/1028915","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1028915"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wfas-jszp-k7dz"}