CVE-2013-4249

N/A Unknown

Published: October 04, 2013 Modified: April 29, 2026

Description

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://seclists.org/oss-sec/2013/q3/369

Source: secalert@redhat.com

http://seclists.org/oss-sec/2013/q3/411

Source: secalert@redhat.com

http://secunia.com/advisories/54476

Source: secalert@redhat.com

Vendor Advisory

http://www.securitytracker.com/id/1028915

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/86438

Source: secalert@redhat.com

https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78

Source: secalert@redhat.com

Exploit Patch

https://github.com/django/django/commit/cbe6d5568f4f5053ed7228ca3c3d0cce77cf9560

Source: secalert@redhat.com

Exploit Patch

https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued

Source: secalert@redhat.com

http://seclists.org/oss-sec/2013/q3/369