Django REST framework (aka django-rest-framework) prior to 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.
Vulnerable Product |
---|
django-rest-framework django rest framework |
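
A check for the pattern this advisory describes, as an added example that is not code from Django REST framework or from this page: it lists template variables rendered while autoescaping is off and not passed through an escaping filter. It assumes autoescaping is disabled with Django's `{% autoescape off %}` tag; the name `unescaped_variables` and the sample template are constructed for illustration.

```python
import re

# Template tokens that matter here: autoescape open/close tags and {{ variables }}.
# Assumption: {# #}, {% comment %} and {% verbatim %} regions are not special-cased.
TOKEN = re.compile(
    r"\{%\s*autoescape\s+(?P<mode>on|off)\s*%\}"
    r"|\{%\s*(?P<end>endautoescape)\s*%\}"
    r"|\{\{\s*(?P<var>.*?)\s*\}\}",
    re.S,
)
# Filters that still HTML-escape their input when autoescaping is off.
ESCAPING_FILTERS = {"escape", "force_escape"}

# Constructed sample template, not taken from any real project.
SAMPLE = """<h1>{{ name }}</h1>
{% autoescape off %}
<div class="description">{{ description }}</div>
<pre>{{ content|escape }}</pre>
{% autoescape on %}{{ inner }}{% endautoescape %}
{{ title|upper }}
{% endautoescape %}
<p>{{ footer }}</p>
"""


def unescaped_variables(template_text):
    """Return (line, expression) for each variable rendered with autoescaping off."""
    findings = []
    stack = [True]  # Django autoescapes by default; nested tags push and pop
    for m in TOKEN.finditer(template_text):
        if m.group("mode"):
            stack.append(m.group("mode") == "on")
        elif m.group("end"):
            if len(stack) > 1:
                stack.pop()
        elif not stack[-1]:
            expr = m.group("var")
            filters = {p.split(":", 1)[0].strip() for p in expr.split("|")[1:]}
            if not filters & ESCAPING_FILTERS:
                line = template_text.count("\n", 0, m.start()) + 1
                findings.append((line, expr))
    return findings


if __name__ == "__main__":
    import pathlib, sys
    for root in sys.argv[1:]:  # template directories to scan
        for path in pathlib.Path(root).rglob("*.html"):
            for line, expr in unescaped_variables(path.read_text(errors="replace")):
                print(f"{path}:{line}: {{{{ {expr} }}}} rendered with autoescape off")
```

Each hit is a candidate for review, not a confirmed XSS: whether it is exploitable depends on whether the rendered value can carry untrusted input.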