Vulnerability details: VCID-ftvc-fkjc-aaaa
Vulnerability ID VCID-ftvc-fkjc-aaaa
Aliases CVE-2016-6186, GHSA-c8c8-9472-w52h, PYSEC-2016-2
Summary Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
System Score Found at
cvssv3.1 6.1 http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
generic_textual MODERATE http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6186.html
cvssv3.1 6.1 http://rhn.redhat.com/errata/RHSA-2016-1594.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2016-1594.html
cvssv3.1 6.1 http://rhn.redhat.com/errata/RHSA-2016-1595.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2016-1595.html
cvssv3.1 6.1 http://rhn.redhat.com/errata/RHSA-2016-1596.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2016-1596.html
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1594
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1595
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1596
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6186.json
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2016-6186
epss 0.00370 https://api.first.org/data/v1/epss?cve=CVE-2016-6186
epss 0.05145 https://api.first.org/data/v1/epss?cve=CVE-2016-6186
epss 0.13095 https://api.first.org/data/v1/epss?cve=CVE-2016-6186
epss 0.14149 https://api.first.org/data/v1/epss?cve=CVE-2016-6186
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1355663
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6186
cvssv3.1 6.1 http://seclists.org/fulldisclosure/2016/Jul/53
generic_textual MODERATE http://seclists.org/fulldisclosure/2016/Jul/53
cvssv2 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-c8c8-9472-w52h
cvssv3.1 3.7 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 6.1 https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1
generic_textual MODERATE https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1
cvssv3.1 6.1 https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
generic_textual MODERATE https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
cvssv3.1 6.1 https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
generic_textual MODERATE https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
cvssv3.1 6.1 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml
cvssv3.1 6.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ
cvssv3.1 6.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2016-6186
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-6186
generic_textual Medium https://ubuntu.com/security/notices/USN-3039-1
cvssv3.1 6.1 https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded
generic_textual MODERATE https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded
cvssv3.1 6.1 https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058
generic_textual MODERATE https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058
cvssv3.1 6.1 https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338
generic_textual MODERATE https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338
cvssv3.1 6.1 https://www.djangoproject.com/weblog/2016/jul/18/security-releases
generic_textual MODERATE https://www.djangoproject.com/weblog/2016/jul/18/security-releases
generic_textual Medium https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
cvssv3.1 6.1 https://www.exploit-db.com/exploits/40129
generic_textual MODERATE https://www.exploit-db.com/exploits/40129
cvssv3.1 6.1 http://www.debian.org/security/2016/dsa-3622
generic_textual MODERATE http://www.debian.org/security/2016/dsa-3622
cvssv3.1 6.1 http://www.ubuntu.com/usn/USN-3039-1
generic_textual MODERATE http://www.ubuntu.com/usn/USN-3039-1
cvssv3.1 6.1 http://www.vulnerability-lab.com/get_content.php?id=1869
generic_textual MODERATE http://www.vulnerability-lab.com/get_content.php?id=1869
Reference id Reference type URL
http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6186.html
http://rhn.redhat.com/errata/RHSA-2016-1594.html
http://rhn.redhat.com/errata/RHSA-2016-1595.html
http://rhn.redhat.com/errata/RHSA-2016-1596.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6186.json
https://api.first.org/data/v1/epss?cve=CVE-2016-6186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6186
http://seclists.org/fulldisclosure/2016/Jul/53
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django
https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1
https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW/
https://ubuntu.com/security/notices/USN-3039-1
https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded
https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058
https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338
https://www.djangoproject.com/weblog/2016/jul/18/security-releases
https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
https://www.exploit-db.com/exploits/40129
https://www.exploit-db.com/exploits/40129/
http://www.debian.org/security/2016/dsa-3622
http://www.securityfocus.com/archive/1/538947/100/0/threaded
http://www.securityfocus.com/bid/92058
http://www.securitytracker.com/id/1036338
http://www.ubuntu.com/usn/USN-3039-1
http://www.vulnerability-lab.com/get_content.php?id=1869
1355663 https://bugzilla.redhat.com/show_bug.cgi?id=1355663
831799 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831799
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10:alpha1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10:alpha1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10:beta1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2016-6186 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/40129.txt
CVE-2016-6186 https://nvd.nist.gov/vuln/detail/CVE-2016-6186
CVE-2016-6186 Exploit https://www.vulnerability-lab.com/get_content.php?id=1869
GHSA-c8c8-9472-w52h https://github.com/advisories/GHSA-c8c8-9472-w52h
RHSA-2016:1594 https://access.redhat.com/errata/RHSA-2016:1594
RHSA-2016:1595 https://access.redhat.com/errata/RHSA-2016:1595
RHSA-2016:1596 https://access.redhat.com/errata/RHSA-2016:1596
USN-3039-1 https://usn.ubuntu.com/3039-1/
Data source Exploit-DB
Date added July 20, 2016
Description Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting
Ransomware campaign use Known
Source publication date July 20, 2016
Exploit type webapps
Platform python
Source update date July 20, 2016
Source URL https://www.vulnerability-lab.com/get_content.php?id=1869
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://packetstormsecurity.com/files/137965/Django-3.3.0-Script-Insertion.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-1594.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-1595.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-1596.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6186.json
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://seclists.org/fulldisclosure/2016/Jul/53
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/6fa150b2f8b601668083042324c4add534143cb1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-2.yaml
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMLLFAUT4J4IP4P2KI4NOVWRMHA22WUJ
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHHPN6MISX5I6UTXQHYLPTLEEUE6WDXW
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-6186
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-6186
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20201022155237/http://www.securityfocus.com/archive/1/538947/100/0/threaded
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20210123154652/http://www.securityfocus.com/bid/92058
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20211204042848/http://www.securitytracker.com/id/1036338
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.djangoproject.com/weblog/2016/jul/18/security-releases
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.exploit-db.com/exploits/40129
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.debian.org/security/2016/dsa-3622
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.ubuntu.com/usn/USN-3039-1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.vulnerability-lab.com/get_content.php?id=1869
Exploit Prediction Scoring System (EPSS)
Percentile 0.68576
EPSS Score 0.00290
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.