Django 2.2 before 2.2.13 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don’t Repeat Yourself) principle.
The information has been provided by the vendor.
The original article can be found at: https://docs.djangoproject.com/en/3.0/releases/security/
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
Django 2.2 before 2.2.13
Django 3.0 before 3.0.7
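The encoding gap described above, shown as an added example that is not Django's own code: a simplified model of building a lookup link from a parameter dict, with the unencoded pattern beside the `urlencode` form. The function names, the base path and the sample parameters are constructed for illustration, and the model assumes the URL is placed in an `href` attribute.

```python
from html import escape
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed lookup parameters; the "name" value stands in for
# untrusted data and does not come from the advisory.
SAMPLE_PARAMS = {"is_active": "1", "name": 'x"><i>injected</i>&is_staff=1'}
BASE = "/admin/app/model/"  # hypothetical changelist path


def related_url_unencoded(base, params):
    """Unencoded pattern: keys and values are concatenated as-is."""
    return base + "?" + "&".join(f"{k}={v}" for k, v in params.items())


def related_url_encoded(base, params):
    """Hardened pattern: every key and value is percent-encoded."""
    return base + "?" + urlencode(params)


def render_link(url, html_escape=False):
    """Hypothetical template step that places the URL in an href."""
    href = escape(url, quote=True) if html_escape else url
    return f'<a href="{href}">Lookup</a>'


def query_keys(url):
    """Parameter names a server would see when the link is followed."""
    return sorted(parse_qs(urlsplit(url).query))


if __name__ == "__main__":
    weak = related_url_unencoded(BASE, SAMPLE_PARAMS)
    fixed = related_url_encoded(BASE, SAMPLE_PARAMS)
    # Raw quote and angle brackets close the attribute and add markup.
    print(render_link(weak))
    # HTML-escaping the weak URL stops the markup, but the value still
    # splits into an extra "is_staff" parameter.
    print(render_link(weak, html_escape=True), query_keys(weak))
    # Percent-encoding keeps the value inside one parameter.
    print(render_link(fixed), query_keys(fixed))
```

HTML escaping and URL encoding address different contexts: the first protects the attribute, the second protects the query string, and a link built from untrusted values needs the URL encoding applied before the result reaches the template.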