Lucene search

MitreCVE-2022-22818

HistoryFeb 03, 2022 - 2:15 a.m.

CVE-2022-22818

2022-02-0302:15:07

CWE-79

mitre

web.nvd.nist.gov

150

cve-2022-22818

xss

django

template tag

context encoding

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0.007

Percentile

80.0%

JSON

The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.

Affected configurations

Nvd

Node

djangoprojectdjangoRange2.2–2.2.27

djangoprojectdjangoRange3.2–3.2.12

djangoprojectdjangoRange4.0–4.0.2

Node

fedoraprojectfedoraMatch35

Node

debiandebian_linuxMatch11.0

VendorProductVersionCPE
djangoprojectdjango*cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
djangoproject	django	*	cpe:2.3:a:djangoproject:django::::::::
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*