vulnerability
FreeBSD: VID-ffc73e87-87f0-11e9-ad56-fcaa147e860e (CVE-2019-12308): Django -- AdminURLFieldWidget XSS
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Jun 6, 2019 | Jun 6, 2019 | Dec 10, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Jun 6, 2019
Added
Jun 6, 2019
Modified
Dec 10, 2025
Description
Django security releases issued: The clickable "Current URL" link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link.. jQuery before 3.4.0, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Solutions
freebsd-upgrade-package-py27-django111freebsd-upgrade-package-py35-django111freebsd-upgrade-package-py36-django111freebsd-upgrade-package-py37-django111freebsd-upgrade-package-py35-django21freebsd-upgrade-package-py36-django21freebsd-upgrade-package-py37-django21freebsd-upgrade-package-py35-django22freebsd-upgrade-package-py36-django22freebsd-upgrade-package-py37-django22
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.