Django 2.2 before 2.2.13 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability


Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don’t Repeat Yourself) principle.


The information has been provided by the vendor.

The original article can be found at:


An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
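As an added illustration (not code from the advisory or from Django's own source), the snippet below contrasts the two ways a widget can turn filter parameters into the query string of a related changelist URL: interpolating values verbatim versus percent-encoding them with the standard library. The URL path, the parameter names and the sample value are constructed for the example.

```python
from urllib.parse import urlencode, parse_qs, urlsplit

# Constructed sample: the base URL of a related changelist and the
# limit_choices_to-style parameters a raw-id widget would append to it.
# The second value deliberately contains characters that are significant
# both in HTML attributes and in query strings.
RELATED_URL = "/admin/app/model/"
PARAMS = {"owner__id__exact": "42", "name__icontains": 'x"<y>&z=1'}


def build_unencoded(base, params):
    """Weak pattern: keys and values are pasted into the URL as-is."""
    return base + "?" + "&".join("%s=%s" % (k, v) for k, v in params.items())


def build_encoded(base, params):
    """Hardened pattern: every key and value is percent-encoded."""
    return base + "?" + urlencode(params)


def is_attr_safe(url):
    """Check before placing the URL in an href: no raw HTML-significant
    characters may remain in it."""
    return not any(ch in url for ch in '<>"\'')


def roundtrip_ok(url, params):
    """The URL must parse back to exactly the intended parameters; the
    unencoded form breaks this because an embedded '&' or '=' is read as
    an extra parameter."""
    parsed = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return parsed == {k: [v] for k, v in params.items()}


if __name__ == "__main__":
    for builder in (build_unencoded, build_encoded):
        url = builder(RELATED_URL, PARAMS)
        print(builder.__name__, url)
        print("  attribute-safe:", is_attr_safe(url))
        print("  round-trips   :", roundtrip_ok(url, PARAMS))
```

The two checks are the ones a reviewer would apply to any code that builds URLs for templates: the encoded URL must be free of raw HTML-significant characters, and it must parse back to the parameters that were intended.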


Vulnerable Systems:

Django 2.2 before 2.2.13

Django 3.0 before 3.0.7


CVE Information:


Disclosure Timeline:
Published Date: 6/3/2020
