CVE-2020-13596 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=2.2a1 <2.2.13 || >=3.0a1 <3.0.7
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
EPSS: 0.01094 (percentile 0.77152)
Details
XSS in Django
An issue was discovered in Django versions 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to the possibility of an XSS attack.
Metadata
Created: 2020-06-05T16:24:28Z
Modified: 2024-09-20T15:43:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-2m34-jcjv-45xf/GHSA-2m34-jcjv-45xf.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-2m34-jcjv-45xf
Finding: F425
Auto approve: 1