Django 2.2 before 2.2.13 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability

Summary

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don’t Repeat Yourself) principle.

Credit:

The information has been provided by the vendor.

The original article can be found at: https://docs.djangoproject.com/en/3.0/releases/security/


Details

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, which made a cross-site scripting (XSS) attack possible.
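
As an added illustration (not code from Django or from this advisory), the following constructed Python models the class of defect the Details section describes: a raw-id lookup link whose query parameters are concatenated into admin HTML without URL encoding, next to the fixed pattern that percent-encodes each key and value with urllib.parse.urlencode and HTML-escapes the attribute. The base URL, parameter names and values are constructed, and the helper functions are not Django's; the round-trip and attribute checks show why a stray quote in an unencoded value turns the rest of the string into markup.

```python
"""Added example (not Django's code or the advisory's): URL-encoding admin query parameters.

The advisory describes lookup-link query parameters that were not URL
encoded before being embedded in admin HTML. The builders below are a
simplified, constructed model of that class of defect and of the fix
pattern; base URL, parameter names and values are all constructed.
"""
import html
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample input: a filter value carrying a double quote and an
# angle bracket, the characters that matter once a string lands inside an
# HTML attribute.
BASE_URL = "/admin/app/model/"
SAMPLE_PARAMS = {"owner__exact": 'Smith" <x', "page": "2"}


def build_link_unsafe(base_url, params):
    """'Before' pattern (constructed): values are concatenated verbatim.

    Nothing stops a value from closing the href attribute early, so whatever
    follows the stray quote is parsed as markup rather than as part of the URL.
    """
    query = "&".join(f"{key}={value}" for key, value in params.items())
    return f'<a href="{base_url}?{query}">lookup</a>'


def build_link_safe(base_url, params):
    """Fixed pattern: percent-encode every key and value, then HTML-escape.

    urlencode() turns '"' into %22, '<' into %3C and ' ' into '+'; html.escape()
    then protects the '&' separators and anything else special to HTML.
    """
    query = urlencode(params)
    return f'<a href="{html.escape(base_url + "?" + query)}">lookup</a>'


def href_value(link):
    """Return the href as a browser would see it: everything up to the next '"'."""
    match = re.search(r'href="([^"]*)"', link)
    return match.group(1) if match else ""


def attribute_intact(link):
    """True when nothing but the intended '>lookup</a>' follows the href."""
    match = re.match(r'<a href="[^"]*"(.*)$', link, re.DOTALL)
    return bool(match) and match.group(1) == ">lookup</a>"


def recover_params(link):
    """Round-trip check: decode the href back into parameters the way a
    server would (HTML-unescape, split off the query, percent-decode)."""
    url = html.unescape(href_value(link))
    return parse_qs(urlsplit(url).query)


if __name__ == "__main__":
    for builder in (build_link_unsafe, build_link_safe):
        link = builder(BASE_URL, SAMPLE_PARAMS)
        print(builder.__name__)
        print("  html:     ", link)
        print("  intact:   ", attribute_intact(link))
        print("  recovered:", recover_params(link))
```

With the unsafe builder the attribute closes at the embedded quote, the recovered filter value is truncated to "Smith", and the remainder of the value is left as markup; with the safe builder the attribute stays intact and the server recovers the original value unchanged. The Django release notes linked above describe the actual fix; this block only models the encoding step it relies on.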
Vulnerable Systems:

Django 2.2 before 2.2.13

Django 3.0 before 3.0.7

CVE Information:

CVE-2020-13596

Disclosure Timeline:
Published Date: 6/3/2020
