An issue exists in Django 2.2 prior to 2.2.13 and 3.0 prior to 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
Vulnerable Product |
---|
djangoproject django |
fedoraproject fedora 32 |
canonical ubuntu linux 18.04 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 19.10 |
canonical ubuntu linux 20.04 |
canonical ubuntu linux 16.04 |
netapp steelstore cloud integrated storage - |
netapp sra plugin - |
debian debian linux 9.0 |
debian debian linux 10.0 |
oracle zfs storage appliance kit 8.8 |