AVG-970 log

Package python2-django
Status Fixed
Severity Medium
Type cross-site scripting
Affected 1.11.20-1
Fixed 1.11.21-1
Current 1.11.26-1 [extra]
Ticket None
Created Mon Jun 3 17:03:18 2019
Issue Severity Remote Type Description
CVE-2019-12308 Medium Yes Cross-site scripting
The clickable "Current URL" link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated...
Date Advisory Package Description
04 Jun 2019 ASA-201906-1 python2-django cross-site scripting
References
https://www.djangoproject.com/weblog/2019/jun/03/security-releases/