NVD

Id
45037  
Name
CVE-2012-3442  
Description
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2012-07-31  
Modified Date
2013-04-10  
Seq
2012-3442  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
225796 45037 CVE-2012-3442 DSA-2529  View
225797 45037 CVE-2012-3442 MDVSA-2012:143  View
225798 45037 CVE-2012-3442 [oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues  View
225799 45037 CVE-2012-3442 [oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues  View
225800 45037 CVE-2012-3442 USN-1560-1  View
225801 45037 CVE-2012-3442 https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
27730 JVNDB-2012-003437 Django におけるクロスサイトスクリプティングの脆弱性 Django の (1) django.http.HttpResponseRedirect および (2) django.http.HttpResponsePermanentRedirect クラスは、リダイレクト対象を検証しないため、クロスサイトスクリプティング攻撃を実行される脆弱性が存在します。 CVE-2012-3442 56680 CVE-2012-3442 45037 4.3 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003437.html 2012-07-30 2012-10-23 View