Django · Django · CVE-2010-3082
**Name of the Vulnerable Software and Affected Versions**
Django versions 1.2.x through 1.2.1
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a `csrfmiddlewaretoken` (also known as `csrf token`) cookie.
**Recommendations**
For Django versions 1.2.x through 1.2.1, update to version 1.2.2 or later to resolve the issue.