Lucene search
PRIOn knowledge basePRION:CVE-2020-25626HistorySep 30, 2020 - 8:15 p.m.
Cross site scripting
2020-09-3020:15:00
PRIOn knowledge base
www.prio-n.com
12
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 11.0 | |
| django_rest_framework | lt | 3.12.0 | |
| ceph_storage | eq | 2.0 |
Related
osv
osv
CVE-2020-25626
2020-09-30 20:15:15
PYSEC-2020-263
2020-09-30 20:15:00
Cross-site Scripting (XSS) in Django REST Framework
2021-03-19 21:32:47
suse
suse
Security update for python-djangorestframework (important)
2021-02-25 00:00:00
Security update for python-djangorestframework (important)
2021-02-22 00:00:00
redhatcve
redhatcve
CVE-2020-25626
2020-09-30 16:16:59
cve
cve
CVE-2020-25626
2020-09-30 20:15:15
nessus
nessus
openSUSE Security Update : python-djangorestframework (openSUSE-2021-322)
2021-02-25 00:00:00
Debian DSA-5186-1 : djangorestframework - security update
2022-07-22 00:00:00
ubuntucve
ubuntucve
CVE-2020-25626
2020-09-30 00:00:00
openvas
openvas
openSUSE: Security Advisory for python-djangorestframework (openSUSE-SU-2021:0322-1)
2021-04-16 00:00:00
Debian: Security Advisory (DSA-5186-1)
2022-07-23 00:00:00
debian
debian
[SECURITY] [DSA 5186-1] djangorestframework security update
2022-07-22 12:10:07
[SECURITY] [DSA 5186-1] djangorestframework security update
2022-07-22 13:01:21
nvd
nvd
CVE-2020-25626
2020-09-30 20:15:15
cvelist
cvelist
CVE-2020-25626
2020-09-30 19:24:45
veracode
veracode
Cross-site Scripting (XSS)
2020-10-01 00:35:06
debiancve
debiancve
CVE-2020-25626
2020-09-30 20:15:15
github
github
Cross-site Scripting (XSS) in Django REST Framework
2021-03-19 21:32:47
redhat
redhat