Vulnerability details: VCID-v466-zd6u-dqce
Vulnerability ID VCID-v466-zd6u-dqce
Aliases CVE-2008-2302
GHSA-54qj-48vx-cr9f
PYSEC-2008-1
Summary Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2008-2302
cvssv3.1 6.1 https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
cvssv4 5.3 https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-54qj-48vx-cr9f
cvssv3.1 6.1 https://github.com/django/django
cvssv4 5.3 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 6.1 https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5
cvssv4 5.3 https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5
generic_textual MODERATE https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5
cvssv3.1 6.1 https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2
cvssv4 5.3 https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2
generic_textual MODERATE https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2
cvssv3.1 6.1 https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9
cvssv4 5.3 https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9
generic_textual MODERATE https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9
cvssv3.1 6.1 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml
cvssv4 5.3 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2008-2302
cvssv4 5.3 https://nvd.nist.gov/vuln/detail/CVE-2008-2302
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2008-2302
cvssv3.1 6.1 https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291
cvssv4 5.3 https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291
generic_textual MODERATE https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291
cvssv3.1 6.1 https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250
cvssv4 5.3 https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250
generic_textual MODERATE https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250
cvssv3.1 6.1 https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028
cvssv4 5.3 https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028
generic_textual MODERATE https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028
cvssv3.1 6.1 https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209
cvssv4 5.3 https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209
generic_textual MODERATE https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209
cvssv3.1 6.1 http://www.djangoproject.com/weblog/2008/may/14/security
cvssv4 5.3 http://www.djangoproject.com/weblog/2008/may/14/security
generic_textual MODERATE http://www.djangoproject.com/weblog/2008/may/14/security
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2302.json
https://api.first.org/data/v1/epss?cve=CVE-2008-2302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2302
http://secunia.com/advisories/30250
http://secunia.com/advisories/30291
http://securitytracker.com/id?1020028
https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
https://github.com/django/django
https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5
https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2
https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml
https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291
https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250
https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028
https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209
http://www.djangoproject.com/weblog/2008/may/14/security
http://www.djangoproject.com/weblog/2008/may/14/security/
http://www.securityfocus.com/bid/29209
http://www.vupen.com/english/advisories/2008/1618
446402 https://bugzilla.redhat.com/show_bug.cgi?id=446402
481164 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481164
CVE-2008-2302 https://nvd.nist.gov/vuln/detail/CVE-2008-2302
GHSA-54qj-48vx-cr9f https://github.com/advisories/GHSA-54qj-48vx-cr9f
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://exchange.xforce.ibmcloud.com/vulnerabilities/42396
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/django/django
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2008-1.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-2302
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-2302
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://web.archive.org/web/20080725022008/http://secunia.com/advisories/30291
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://web.archive.org/web/20081012011038/http://secunia.com/advisories/30250
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://web.archive.org/web/20170222015451/http://securitytracker.com/id?1020028
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://web.archive.org/web/20200228153339/http://www.securityfocus.com/bid/29209
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.djangoproject.com/weblog/2008/may/14/security
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at http://www.djangoproject.com/weblog/2008/may/14/security
Exploit Prediction Scoring System (EPSS)
Percentile 0.63116
EPSS Score 0.00441
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:40:48.139309+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2008-1.yaml 38.0.0