What is CVE-2016-6186?

CVE-2016-6186 is a medium-severity vulnerability in Djangoproject Django, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-08-05.

How severe is CVE-2016-6186?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Djangoproject Django

CVE-2016-6186

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote at…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.164 (95.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Djangoproject Django — versions 1.9, 1.9.0, 1.9.1
Debian Debian_linux — versions 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

1036338 (VDB Entry, vdb-entry, x_refsource_SECTRACK)
20160719 Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186) (mailing-list, x_refsource_FULLDISC, Patch, Mailing List)
RHSA-2016:1594 (x_refsource_REDHAT, vendor-advisory)
DSA-3622 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
FEDORA-2016-97ca9d52a4 (x_refsource_FEDORA, vendor-advisory)
cve@mitre.org (Patch, Third Party Advisory, x_refsource_MISC)
20160719 Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186) (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (VDB Entry, x_refsource_MISC)
USN-3039-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
FEDORA-2016-b7e31a0b9a (x_refsource_FEDORA, vendor-advisory)

Frequently asked questions

What is CVE-2016-6186?: CVE-2016-6186 is a medium-severity vulnerability in Djangoproject Django, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-08-05.
How severe is CVE-2016-6186?: Medium severity. CVSS v3 base score is 6.1 out of 10.