CVE-2016-15010 LOW

CVE-2016-15010: University of Cambridge django-ucamlookup Lookup cross site scripting

Vendor University Of Cambridge
Product django-ucamlookup
Weakness CWE-79 · XSS
Published January 5, 2023
Last update August 6, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 is able to address this issue. The identifier of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

January 5, 2023 CVE published
August 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-6549 Logo Manager For Enamad <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute CVE-2024-45595 D-Tale allows Remote Code Execution through the Query input on Chart Builder CVE-2025-25165 WordPress Staff Directory Plugin: Company Directory Plugin <= 4.3 - Cross Site Scripting (XSS) vulnerability CVE-2023-3410 Bricks <= 1.10.1 - Authenticated (Bricks Page Builder Access+) Stored Cross-Site Scripting CVE-2023-5668 WhatsApp Share Button <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode