Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:djangoproject:django:1.3.3:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0305 | The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information. Published: May 02, 2013; 10:55:05 AM -0400 | V4.0: (not available) V3.x: (not available) V2.0: 4.0 MEDIUM |
CVE-2012-4520 | The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values. Published: November 18, 2012; 6:55:01 PM -0500 | V4.0: (not available) V3.x: (not available) V2.0: 6.4 MEDIUM |