← volver
CVE-2017-12794

CVE-2017-12794

EPSS 23.6%
Vexday Risk Score
23Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS EPSS 23.6%KEV nãoPoC Nuclei simMetasploit Patch referenciado
Ciclo de vida
07 sep 2017Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
Productos afectados
n/a · n/a