CVE-2020-25626
MEDIUM 6.1
Description
A flaw was found in Django REST Framework in versions before 3.11.2 and, on the 3.12 branch, before 3.12.0 (the fix shipped in 3.11.2 and 3.12.0). When the browsable API viewer is used, Django REST Framework fails to properly escape certain strings that can originate from user input. A user who controls those strings can inject `<script>` tags into the rendered page, resulting in a cross-site scripting (XSS) vulnerability (CWE-79; CWE-20 for the missing input validation).
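The following is an added triage example, not code from the Django REST Framework project or from the advisory. It encodes the affected-version rule stated above (every release before 3.11.2, and 3.12 pre-releases before 3.12.0, are treated as affected) so an installed version string can be checked, and it shows the bug class alongside its fix: a user-controlled string interpolated raw into HTML versus the same string passed through `html.escape` first. The function names, the version-parsing rule and the `<script>` payload are constructed for this example and are not taken from the project.

```python
"""Triage helpers for CVE-2020-25626 (XSS in the DRF browsable API).

Added example (not DRF project code).  Assumptions: the fix is present in
3.11.2 and 3.12.0, as implied by "before 3.12.0 and before 3.11.2", and
every earlier release (including 3.12 pre-releases) is treated as affected.
"""
import html
import re

# (major, minor, patch, is_final) -- is_final=1 for a plain release, 0 for a
# pre-release such as "3.12.0rc1", so pre-releases sort before the release.
FIRST_FIXED_311 = (3, 11, 2, 1)
FIRST_FIXED_312 = (3, 12, 0, 1)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_version(version: str) -> tuple:
    """Turn '3.11.1', '3.11' or '3.12.0rc1' into a comparable 4-tuple.

    Anything after the numeric components (rc1, a2, .dev0, ...) marks the
    string as a pre-release; the text of the tag is not interpreted.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, suffix = match.groups()
    is_final = 1 if suffix == "" else 0
    return (int(major), int(minor), int(patch or 0), is_final)


def is_vulnerable(version: str) -> bool:
    """True if the given DRF version falls inside the affected ranges."""
    v = parse_version(version)
    branch = (v[0], v[1])
    if branch == (3, 12):
        return v < FIRST_FIXED_312      # only 3.12 pre-releases are affected
    if branch > (3, 12):
        return False                    # later branches contain the fix
    return v < FIRST_FIXED_311          # 3.11.x and everything earlier


def render_cell(value: str, escape: bool = True) -> str:
    """Build the HTML fragment a template would emit for a user-controlled string.

    escape=False reproduces the bug class (raw interpolation of user input);
    escape=True is the hardened form, HTML-escaping the value first.
    """
    shown = html.escape(value, quote=True) if escape else value
    return f"<td>{shown}</td>"


def contains_script_tag(fragment: str) -> bool:
    """Crude check used only to demonstrate the difference between the two renderings."""
    return "<script" in fragment.lower()


if __name__ == "__main__":
    # Constructed sample payload, not taken from any real exploit.
    payload = "<script>alert(document.cookie)</script>"
    for ver in ("3.9.4", "3.11.1", "3.11.2", "3.12.0rc1", "3.12.0", "3.14.0"):
        print(f"{ver:>10}: {'AFFECTED' if is_vulnerable(ver) else 'fixed'}")
    print("raw      :", render_cell(payload, escape=False))
    print("escaped  :", render_cell(payload))
```

Run the module directly to print the version verdicts and both renderings; the escaped rendering still shows the literal text `<script>` to the reader, but the browser no longer parses it as an element.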
CVE details
CVSS v3.1 score: 6.1
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 2020-09-30
Last modified: 2024-11-21
Source: nvd
Honeypot observations: 0
Affected products
debian:debian_linux
encode:django_rest_framework
redhat:ceph_storage
Weaknesses (CWE)
CWE-20
CWE-79
References
https://bugzilla.redhat.com/show_bug.cgi?id=1878635 (secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20201016-0003/ (secalert@redhat.com)
https://www.debian.org/security/2022/dsa-5186 (secalert@redhat.com)
IOC correlations
No correlation recorded.
This product uses data from the NVD API but is not endorsed or certified by the NVD.