GMS-2013-17: XSS in admin interface

August 13, 2013

The Django administrative application, django.contrib.admin, consider value of a URLField to be safe. Thus, when displaying it, Django does not escape it allowing an attacker to perform XSS in the administrative interface.

References

www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/

Code Behaviors & Features

Detect and mitigate GMS-2013-17 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →