USN-1004-1 -- python-django vulnerabilityID: oval:org.secpod.oval:def:700091 | Date: (C)2011-01-28 (M)2021-09-11 |
Class: PATCH | Family: unix |
It was discovered that Django did not properly sanitize the cookie value when applying CSRF protections resulting in a cross-site scripting vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.