CVE-2020-25626
CVE-2020-25626
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
30 Sep 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.
Affected products
n/a · Django REST FrameworkWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →