CVE-2020-25626
Severity: MEDIUM (CVSS 6.1)
Description
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.
CVE Details
CVSS v3.1 score: 6.1
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 9/30/2020
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
debian:debian_linux
encode:django_rest_framework
redhat:ceph_storage
Weaknesses (CWE)
CWE-20
CWE-79
References
https://bugzilla.redhat.com/show_bug.cgi?id=1878635 (secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20201016-0003/ (secalert@redhat.com)
https://www.debian.org/security/2022/dsa-5186 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1878635 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20201016-0003/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5186 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.