A flaw was found in Django, where the query parameters for the admin widget ForeignKeyRawIdWidget
were not properly URL encoded. This flaw allows an attacker to perform a Cross-site scripting (XSS) attack. The highest threat from this vulnerability is to confidentiality.