Description
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
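The following added example (not part of the original advisory and not Django's own code) shows why a Host header carrying username and password text is a problem when it is pasted into a URL, and one way to reject it. The hostnames, the `ALLOWED_HOSTS` set, the path and the validation pattern are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed pattern: hostname or bracketed IPv6 literal, optional numeric port.
# Anything containing "@", "/", whitespace or a non-numeric port fails.
HOST_RE = re.compile(r"([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9:]+\])(:\d+)?")

# Constructed sample values, not taken from the advisory.
ALLOWED_HOSTS = {"shop.example.com"}
SAMPLE_HEADERS = [
    "shop.example.com",
    "shop.example.com:8443",
    "shop.example.com:pw@other.example.net",  # userinfo text inside Host
    "other.example.net",
]

def naive_url(host_header, path="/reset/abc/"):
    """Build an absolute URL by trusting the Host header as-is."""
    return "https://%s%s" % (host_header, path)

def effective_host(url):
    """Host that a URL parser (and a browser) will actually contact."""
    return urlsplit(url).hostname

def validate_host(host_header, allowed=ALLOWED_HOSTS):
    """Return the normalized host, or raise ValueError if it is not acceptable."""
    host = host_header.strip().lower()
    m = HOST_RE.fullmatch(host)
    if m is None:
        raise ValueError("malformed Host header: %r" % host_header)
    if m.group(1) not in allowed:
        raise ValueError("Host not in allowlist: %r" % host_header)
    return host

def audit(headers):
    """Pair each header with the host a naive URL would reach and the verdict."""
    report = []
    for h in headers:
        try:
            validate_host(h)
            verdict = "accepted"
        except ValueError as exc:
            verdict = "rejected (%s)" % str(exc).split(":")[0]
        report.append((h, effective_host(naive_url(h)), verdict))
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_HEADERS):
        print("%-40s -> %-20s %s" % row)
```

The third sample starts with the legitimate hostname, yet the URL built from it resolves to the host after the `@`; the validator rejects it on syntax before the allowlist is even consulted.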
Remediation
References
Related Vulnerabilities
WordPress Plugin BuddyPress Activity Plus Multiple Vulnerabilities (1.6.1)
WordPress Plugin Klaviyo Cross-Site Scripting (3.0.7)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8419)
WordPress Plugin WP Armour-Honeypot Anti Spam Cross-Site Scripting (1.5.6)
Oracle Application Server CVE-2009-1009 Vulnerability (CVE-2009-1009)