← back
CVE-2020-25626

CVE-2020-25626

EPSS 1.3%CWE-20
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
30 Sep 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →