CVE-2020-25626

Published: 30/09/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A flaw was found in Django REST Framework versions prior to 3.12.0 and prior to 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site scripting (XSS) vulnerability.

Vulnerable Products

encode django rest framework

redhat ceph storage 2.0

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #971554 djangorestframework: CVE-2020-25626. Package: src:djangorestframework; Maintainer for src:djangorestframework is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 1 Oct 2020 18:45:01 UTC; Severity: ...

Synopsis: Moderate: security update - Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container. Description: Updated to the latest version of the git-python library to no longer cause certain jobs to fail. U ...

Synopsis: Moderate: security update - Red Hat Ansible Tower 3.6.6-1 - RHEL7 Container. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Ansible Tower 3.6.6-1 - RHEL7 Container. Description: Fixed an XSS vulnerability (CVE-2020-25626). Fixed the Red Hat sosreport tool to no longer include ...

Two cross-site scripting vulnerabilities were discovered in the Django Rest Framework, a toolkit to build web APIs. For the oldstable distribution (buster), this problem has been fixed in version 3.9.0-1+deb10u1. The stable distribution (bullseye) is not affected. We recommend that you upgrade your djangorestframework packages. For the detailed sec ...