Django · Django · CVE-2013-6044
**Name of the Vulnerable Software and Affected Versions**
Django versions 1.4.x through 1.4.5
Django versions 1.5.x through 1.5.1
Django versions 1.6 before beta 2
**Description**
A flaw in the `is_safe_url` function in `utils/http.py` might introduce cross-site scripting (XSS) or other issues into applications that use this function, as demonstrated by the login view in `django.contrib.auth.views` and the `javascript:` scheme.
**Recommendations**
For Django versions 1.4.x through 1.4.5, update to version 1.4.6 or later.
For Django versions 1.5.x through 1.5.1, update to version 1.5.2 or later.
For Django versions 1.6 before beta 2, update to beta 2 or later.