Уязвимость CVE-2020-25626

Пакет	Статус	Версия исправления	Релиз	Тип
djangorestframework	fixed	3.12.1-1		package
djangorestframework	no-dsa		stretch	package

CVE-2020-25626

CVSS3: 6.1

ubuntu

больше 5 лет назад

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

CVE-2020-25626

CVSS3: 5.4

redhat

больше 5 лет назад

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

CVE-2020-25626

CVSS3: 6.1

nvd

больше 5 лет назад

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

openSUSE-SU-2021:0322-1

suse-cvrf

почти 5 лет назад

Security update for python-djangorestframework

GHSA-fx83-3ph3-9j2q

CVSS3: 6.1

github

почти 5 лет назад

Cross-site Scripting (XSS) in Django REST Framework

exploitDog

CVE-2020-25626

Описание

Пакеты

Примечания

Связанные уязвимости