django_ucamlookup is vulnerable to Cross-Site Scripting (XSS). The jQuery Select2 invocation used to provide searchable dropdowns does not sanitize data coming from the lookup, allowing an attacker to inject and execute malicious JavaScript through the formatResult function of the Lookup Handler component.
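The pattern behind this class of bug, and its fix, as an added illustration (not django_ucamlookup's own code): a Select2-style formatResult callback that interpolates lookup fields straight into HTML beside one that escapes them first. The field names visibleName and identifier are assumed for the example; Select2 3.x also hands formatResult an escapeMarkup helper as its fourth argument, which does the same job as the escapeHtml function here.

```javascript
// Added example, not from the django_ucamlookup project.
// Field names (visibleName, identifier) are assumed for illustration.

// Minimal HTML escaping for text that will be inserted into markup.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// The vulnerable pattern: lookup fields are concatenated into the HTML
// string that Select2 renders, so any markup in a result becomes live DOM.
function formatResultUnsafe(item) {
  return "<span>" + item.visibleName + " (" + item.identifier + ")</span>";
}

// Hardened version: only fixed markup is emitted raw; every field coming
// from the lookup is escaped before it is placed inside it.
function formatResultSafe(item) {
  return "<span>" + escapeHtml(item.visibleName) +
         " (" + escapeHtml(item.identifier) + ")</span>";
}

// Constructed sample result standing in for one entry returned by the lookup.
const sampleResult = {
  visibleName: "Test <script>alert(1)</script> User",
  identifier: "ab123",
};

// Check used for review: after removing our own <span> wrapper, the safe
// output must contain no raw angle brackets that came from the data.
function rendersWithoutRawTags(item) {
  const html = formatResultSafe(item);
  const inner = html.replace(/^<span>/, "").replace(/<\/span>$/, "");
  return !/[<>]/.test(inner);
}

console.log("unsafe:", formatResultUnsafe(sampleResult));
console.log("safe:  ", formatResultSafe(sampleResult));
```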