Daniel Chatfield

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.7.3 **Description** The issue allows control characters to trick redirect URL validation. **Recommendations** For versions prior to 4.7.3, update to version 4.7.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 10 **Description** The issue allows remote attackers to spoof the address bar of a tab via a crafted web site. This can lead to phishing attacks or other malicious activities where the user is misled about the actual website they are visiting. **Recommendations** For versions prior to 10, update to version 10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Django versions prior to 1.4.20 Django versions 1.5.x Django versions 1.6.x prior to 1.6.11 Django versions 1.7.x prior to 1.7.7 Django versions 1.8.x prior to 1.8c1 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL. This is demonstrated by a URL containing a control character, such as `x08javascript:`. The `utils.http.is safe url` function does not properly validate URLs, leading to this security issue. **Recommendations** For Django versions prior to 1.4.20, update to version 1.4.20 or later. For Django versions 1.5.x, update to a version with the fix, as 1.5.x is affected but no specific end version is provided. For Django versions 1.6.x prior to 1.6.11, update to version 1.6.11 or later. For Django versions 1.7.x prior to 1.7.7, update to version 1.7.7 or later. For Django versions 1.8.x prior to 1.8c1, update to version 1.8c1 or later.