This was fixed in 1.5.2-1 currently in saucy, and didn't affect older releases.
** Changed in: python-django (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-django in Ubuntu. https://bugs.launchpad.net/bugs/1212058 Title: Cross-site scripting (XSS) in admin interface To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1212058/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs