Back to search
CVE-2020-25626
Published: Sep 30, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.
| Vendor | Product | Versions |
|---|---|---|
n/a | Django REST Framework | affected All django-rest-framework versions before 3.12.0 and before 3.11.2 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1878635
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20201016-0003/
x_refsource_CONFIRM
DSA-5186
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now