Moderate severity · NVD Advisory · Published Sep 14, 2010 · Updated Jun 16, 2026
CVE-2010-3082
Description
Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Django (PyPI) | >= 1.2, < 1.2.2 | 1.2.2 |
Affected products
- cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.1:2:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*
References
- www.djangoproject.com/weblog/2010/sep/08/security-release/ (nvd: Patch, Vendor Advisory)
- www.securityfocus.com/bid/43116 (nvd: Patch)
- github.com/advisories/GHSA-fxpg-gg9g-76gj (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2010-3082 (ghsa: ADVISORY)
- marc.info (nvd: WEB)
- www.djangoproject.com/weblog/2010/sep/08/security-release (ghsa: WEB)
- www.ubuntu.com/usn/USN-1004-1 (nvd: WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd: WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/61729 (nvd: WEB)
- github.com/django/django/commit/7f84657b6b2243cc787bdb9f296710c8d13ad0bd (ghsa: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2010-12.yaml (ghsa: WEB)