Description
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
Release | Status | Note |
---|---|---|
bionic | released | 1:1.11.11-1ubuntu1.9 |
devel | released | 2:2.2.12-1ubuntu1 |
eoan | released | 1:1.11.22-1ubuntu1.4 |
esm-infra-legacy/trusty | not-affected | 1.6.11-0ubuntu1.3+esm1 |
esm-infra/bionic | not-affected | 1:1.11.11-1ubuntu1.9 |
esm-infra/focal | not-affected | 2:2.2.12-1ubuntu0.1 |
esm-infra/xenial | not-affected | 1.8.7-1ubuntu5.13 |
focal | released | 2:2.2.12-1ubuntu0.1 |
precise/esm | DNE | |
trusty | ignored | end of standard support |
EPSS
CVSS2: 4.3 Medium
CVSS3: 6.1 Medium
Related vulnerabilities
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...
Vulnerability in the implementation of the ForeignKeyRawIdWidget function of the Django library that allows an attacker to carry out cross-site scripting attacks