Vulnerability details: VCID-u2ak-u5bc-aaad
Vulnerability ID VCID-u2ak-u5bc-aaad
Aliases CVE-2015-2241
GHSA-6565-fg86-6jcx
PYSEC-2015-8
Summary Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
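The rendering path the summary describes, as an added example that is not Django's code: a model `@property` listed in `ModelAdmin.readonly_fields` is passed through `linebreaksbr()`, which marks its output safe without escaping it, so the admin change form prints attacker-controlled text as raw HTML. The `SafeString`, `mark_safe`, `conditional_escape` and `linebreaksbr` helpers below are minimal stand-ins that mirror Django's autoescaping semantics so the example runs without Django installed; `Profile`, `lookup_field`, `contents_vulnerable`, `contents_fixed` and the payload are constructed for illustration and are assumptions, not the project's API.

```python
import html


class SafeString(str):
    """Marks a string as trusted HTML (stand-in for Django's SafeString)."""

    def __html__(self):
        return str(self)


def mark_safe(value):
    return SafeString(value)


def conditional_escape(value):
    """Leave values that advertise __html__ alone; escape everything else."""
    if hasattr(value, "__html__"):
        return SafeString(value.__html__())
    return SafeString(html.escape(str(value), quote=True))


def linebreaksbr(value):
    """The template filter as called directly from Python, i.e. with autoescape
    off: it only turns newlines into <br /> and marks the result safe."""
    text = str(value).replace("\r\n", "\n").replace("\r", "\n")
    return mark_safe(text.replace("\n", "<br />"))


def lookup_field(name, obj):
    """Resolve one readonly_fields entry to (class attribute, rendered value).
    Constructed stand-in for the admin's field lookup."""
    attr = getattr(type(obj), name, None)
    value = getattr(obj, name)
    if callable(value):
        value = value()
    return attr, value


def contents_vulnerable(obj, name):
    """Pre-fix shape: a non-field attribute (e.g. a @property) goes straight
    into linebreaksbr(), which marks it safe, so the template prints it raw."""
    attr, value = lookup_field(name, obj)
    result = str(value)
    if getattr(attr, "allow_tags", False):
        return mark_safe(result)
    return linebreaksbr(result)


def contents_fixed(obj, name):
    """Hardened shape: escape first unless the attribute opted in with allow_tags
    or the value already carries __html__; only then add the line breaks."""
    attr, value = lookup_field(name, obj)
    if getattr(attr, "allow_tags", False):
        return mark_safe(str(value))
    return linebreaksbr(conditional_escape(value))


class Profile:
    """Constructed sample model; `bio` is user-supplied text stored by the app."""

    def __init__(self, bio):
        self.bio = bio

    @property
    def bio_preview(self):
        # A @property listed in readonly_fields: the exact pattern in the advisory.
        return self.bio[:80]

    def bio_html(self):
        # Deliberate opt-in to raw HTML; the author escapes the untrusted part itself.
        return "<b>%s</b>" % html.escape(self.bio)

    bio_html.allow_tags = True


PAYLOAD = "<script>alert(document.cookie)</script>"  # constructed attacker input


def render_readonly(obj, names, renderer):
    """Render each readonly field the way the change form would, as a dict."""
    return {name: str(renderer(obj, name)) for name in names}


def demo(bio=PAYLOAD):
    """Side-by-side rendering of the same object through both code paths."""
    profile = Profile(bio)
    fields = ("bio_preview", "bio_html")
    return {
        "vulnerable": render_readonly(profile, fields, contents_vulnerable),
        "fixed": render_readonly(profile, fields, contents_fixed),
    }


if __name__ == "__main__":
    for path, rendered in demo().items():
        for name, markup in rendered.items():
            print("%-10s %-12s %s" % (path, name, markup))
```

The check to take away: anything in `readonly_fields` that is not a model field is rendered from Python, not from a template with autoescaping on, so the rendering helper itself has to escape unless the attribute explicitly opts out. The `allow_tags` branch is preserved in both versions because that opt-in is the documented escape hatch; the fix only changes the default.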
System Score Found at
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2015-2241
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2015-2241
epss 0.00276 https://api.first.org/data/v1/epss?cve=CVE-2015-2241
epss 0.00352 https://api.first.org/data/v1/epss?cve=CVE-2015-2241
epss 0.00361 https://api.first.org/data/v1/epss?cve=CVE-2015-2241
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1200922
cvssv3.1 6.1 https://code.djangoproject.com/ticket/24461
generic_textual MODERATE https://code.djangoproject.com/ticket/24461
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-6565-fg86-6jcx
cvssv3.1 3.7 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 6.1 https://github.com/django/django/commit/2654e1b93923bac55f12b4e66c5e39b16695ace5
generic_textual MODERATE https://github.com/django/django/commit/2654e1b93923bac55f12b4e66c5e39b16695ace5
cvssv3.1 6.1 https://github.com/django/django/commit/82c9169077a066995e3b00aac551bf1c8a89d98a
generic_textual MODERATE https://github.com/django/django/commit/82c9169077a066995e3b00aac551bf1c8a89d98a
cvssv3.1 6.1 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-8.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-8.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2015-2241
cvssv3.1 6.1 https://web.archive.org/web/20150523054951/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:109/?name=MDVSA-2015:109
generic_textual MODERATE https://web.archive.org/web/20150523054951/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:109/?name=MDVSA-2015:109
cvssv3.1 6.1 https://web.archive.org/web/20171112005349/http://www.securityfocus.com/bid/73095
generic_textual MODERATE https://web.archive.org/web/20171112005349/http://www.securityfocus.com/bid/73095
cvssv3.1 6.1 https://www.djangoproject.com/weblog/2015/mar/09/security-releases
generic_textual MODERATE https://www.djangoproject.com/weblog/2015/mar/09/security-releases
cvssv3.1 6.1 http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
generic_textual MODERATE http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2241.json
https://api.first.org/data/v1/epss?cve=CVE-2015-2241
https://code.djangoproject.com/ticket/24461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2241
https://github.com/django/django
https://github.com/django/django/commit/2654e1b93923bac55f12b4e66c5e39b16695ace5
https://github.com/django/django/commit/82c9169077a066995e3b00aac551bf1c8a89d98a
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-8.yaml
https://web.archive.org/web/20150523054951/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:109/?name=MDVSA-2015:109
https://web.archive.org/web/20171112005349/http://www.securityfocus.com/bid/73095
https://www.djangoproject.com/weblog/2015/mar/09/security-releases
http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
http://www.securityfocus.com/bid/73095
1200922 https://bugzilla.redhat.com/show_bug.cgi?id=1200922
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8:beta1:*:*:*:*:*:*
CVE-2015-2241 https://nvd.nist.gov/vuln/detail/CVE-2015-2241
GHSA-6565-fg86-6jcx https://github.com/advisories/GHSA-6565-fg86-6jcx
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://code.djangoproject.com/ticket/24461
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/2654e1b93923bac55f12b4e66c5e39b16695ace5
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/82c9169077a066995e3b00aac551bf1c8a89d98a
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-8.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-2241
Access Vector (AV): network; Access Complexity (AC): medium; Authentication (Au): none; Confidentiality Impact (C): none; Integrity Impact (I): partial; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20150523054951/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:109/?name=MDVSA-2015:109
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20171112005349/http://www.securityfocus.com/bid/73095
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.djangoproject.com/weblog/2015/mar/09/security-releases
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Exploit Prediction Scoring System (EPSS)
Percentile 0.65210
EPSS Score 0.00247
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.