PT-2023-10633 · Mobile Vikings · Mobile Vikings Django Ajax Utilities
Published 2023-03-10 · Updated 2024-05-17 · CVE-2017-20182
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Mobile Vikings Django AJAX Utilities versions up to 1.2.1
Description
A problematic issue affects the Pagination function of the django ajax/static/ajax-utilities/js/pagination.js file in the Backslash Handler component. The manipulation of the url argument leads to cross-site scripting. The attack can be initiated remotely.
Recommendations
For Mobile Vikings Django AJAX Utilities versions up to 1.2.1, apply the patch committed as 329eb1dd1580ca1f9d4f95bc69939833226515c9, which is included in release 1.2.8. As a temporary workaround, consider restricting the manipulation of the url argument in the Pagination function until the patch is applied.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Mobile Vikings Django Ajax Utilities