HTTP: Django CMS Persistent Cross-Site Scripting

This signature detects attempts to exploit a known vulnerability in Django CMS. A successful attack can lead to cross-site scripting.

Extended Description

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.

Affected Products

Djangoproject django

Short Name: HTTP:XSS:DJANGO-CMS-XSS
Severity: Minor
Recommended: False
Recommended Action: None
Category: HTTP
Keywords: CMS CVE-2016-6186 Cross-Site Django Persistent Scripting bid:92058
Release Date: 06/18/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3337
False Positive: Unknown
Vendors

Djangoproject

Debian

CVSS Score

4.3
