Vulnerabilities

CVE-2016-6186

by Fred · 05/08/2016

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.

Date published : 2016-08-05

http://www.securityfocus.com/bid/92058

http://www.securityfocus.com/archive/1/538947/100/0/threaded

Similar

Tags: Cybersecurity Alert