Moderate severityNVD Advisory· Published Mar 12, 2015· Updated Jun 17, 2026
CVE-2015-2241
CVE-2015-2241
Description
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
DjangoPyPI | < 1.7.6 | 1.7.6 |
DjangoPyPI | >= 1.8a1, < 1.8b2 | 1.8b2 |
Affected products
3cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*range: <=1.7.5
- cpe:2.3:a:djangoproject:django:1.8:beta1:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
12- code.djangoproject.com/ticket/24461nvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-6565-fg86-6jcxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-2241ghsaADVISORY
- www.djangoproject.com/weblog/2015/mar/09/security-releases/nvdVendor Advisory
- www.mandriva.com/security/advisoriesnvdWEB
- github.com/django/django/commit/2654e1b93923bac55f12b4e66c5e39b16695ace5ghsaWEB
- github.com/django/django/commit/82c9169077a066995e3b00aac551bf1c8a89d98aghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-8.yamlghsaWEB
- web.archive.org/web/20150523054951/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:109/ghsaWEB
- web.archive.org/web/20171112005349/http://www.securityfocus.com/bid/73095ghsaWEB
- www.djangoproject.com/weblog/2015/mar/09/security-releasesghsaWEB
- www.securityfocus.com/bid/73095nvd
News mentions
0No linked articles in our index yet.