VYPR
Moderate severityNVD Advisory· Published Mar 12, 2015· Updated Jun 17, 2026

CVE-2015-2241

CVE-2015-2241

Description

Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
< 1.7.61.7.6
DjangoPyPI
>= 1.8a1, < 1.8b21.8b2

Affected products

3
  • cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*range: <=1.7.5
    • cpe:2.3:a:djangoproject:django:1.8:beta1:*:*:*:*:*:*
  • ghsa-coords
    Range: < 1.7.6

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.