Moderate severity · NVD Advisory · Published Feb 14, 2011 · Updated Jun 16, 2026
CVE-2011-0697
Description
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Django (PyPI) | >= 1.1, < 1.1.4 | 1.1.4 |
| Django (PyPI) | >= 1.2, < 1.2.5 | 1.2.5 |
Affected products
- cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*
References
- openwall.com/lists/oss-security/2011/02/09/6 (nvd: Patch, WEB)
- www.djangoproject.com/weblog/2011/feb/08/security/ (nvd: Patch, Vendor Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Patch, WEB)
- github.com/advisories/GHSA-8m3r-rv5g-fcpq (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2011-0697 (ghsa: ADVISORY)
- lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html (nvd: WEB)
- lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html (nvd: WEB)
- secunia.com/advisories/43230 (nvd: WEB)
- secunia.com/advisories/43297 (nvd: WEB)
- secunia.com/advisories/43382 (nvd: WEB)
- secunia.com/advisories/43426 (nvd: WEB)
- www.debian.org/security/2011/dsa-2163 (nvd: WEB)
- www.djangoproject.com/weblog/2011/feb/08/security (ghsa: WEB)
- www.mandriva.com/security/advisories (nvd: WEB)
- www.securityfocus.com/bid/46296 (nvd: WEB)
- www.ubuntu.com/usn/USN-1066-1 (nvd: WEB)
- www.vupen.com/english/advisories/2011/0372 (nvd: WEB)
- www.vupen.com/english/advisories/2011/0388 (nvd: WEB)
- www.vupen.com/english/advisories/2011/0429 (nvd: WEB)
- www.vupen.com/english/advisories/2011/0439 (nvd: WEB)
- www.vupen.com/english/advisories/2011/0441 (nvd: WEB)
- github.com/django/django/commit/1966786d2dde73e17f39cf340eb33fcb5d73904e (ghsa: WEB)
- github.com/django/django/commit/1f814a9547842dcfabdae09573055984af9d3fab (ghsa: WEB)
- github.com/django/django/commit/90be6ca20d607977dec234ec972b77b83955749b (ghsa: WEB)
- github.com/django/django/commit/a9cf3d23724ff6918103e86aa863eadd1fab811d (ghsa: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-11.yaml (ghsa: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-31.yaml (ghsa: WEB)
- web.archive.org/web/20110521033259/http://secunia.com/advisories/43230 (ghsa: WEB)
- web.archive.org/web/20110521033304/http://secunia.com/advisories/43297 (ghsa: WEB)
- web.archive.org/web/20110521033309/http://secunia.com/advisories/43382 (ghsa: WEB)
- web.archive.org/web/20110521033314/http://secunia.com/advisories/43426 (ghsa: WEB)
- web.archive.org/web/20130616104703/http://www.securityfocus.com/bid/46296 (ghsa: WEB)