PYSEC-2020-32

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...

PT-2020-5484 · Django +3 · Django +3

Name of the Vulnerable Software and Affected Versions: Django versions 2.2 before 2.2.13 Django versions 3.0 before 3.0.7 Description: The issue is related to errors in the certificate authentication procedure in the Django library. It may allow a remote attacker to gain unauthorized access to...