Vulnerabilities > Djangoproject > Django
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-01-10 | CVE-2010-4534 | Permissions, Privileges, and Access Controls vulnerability in Djangoproject Django The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter. | 4.0 |
| 2010-09-14 | CVE-2010-3082 | Cross-Site Scripting vulnerability in Djangoproject Django 1.2.1/1.2.2 Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie. | 4.3 |
| 2009-10-13 | CVE-2009-3695 | Remote Denial of Service vulnerability in Django 'EmailField' and 'URLField' Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression. | 5.0 |