← voltar
CVE-2020-25626

CVE-2020-25626

EPSS 1.3%CWE-20
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
30 set 2020Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →