Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1wang0LTNmM3AtMjl2M84AAwwC

django-ucamlookup Cross-site Scripting vulnerability

A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. It affects an unknown functionality of the Lookup Handler component. The manipulation leads to cross-site scripting, and the attack can be launched remotely. Upgrading to version 1.9.2 addresses this issue. The name of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Permalink: https://github.com/advisories/GHSA-pjx4-3f3p-29v3
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wang0LTNmM3AtMjl2M84AAwwC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 6 months ago


CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-pjx4-3f3p-29v3, CVE-2016-15010
References: Repository: https://github.com/uisautomation/django-ucamlookup
Blast Radius: 3.7

Affected Packages

pypi:django-ucamlookup
Dependent packages: 1
Dependent repositories: 4
Downloads: 774 last month
Affected Version Ranges: < 1.9.2
Fixed in: 1.9.2
All affected versions: 1.2.1, 1.6.1, 1.7.1, 1.9.1
All unaffected versions: 1.9.2, 1.9.3, 1.9.4, 1.9.5, 2.0.0, 3.0.0, 3.0.3, 3.0.5, 3.1.0