26 matches found
CVE-2026-46628
Twig is a template language for PHP. Prior to 3.26.0, the deprecated spaceless filter is registered as safe for HTML, causing Twig autoescaping to emit attacker-controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0...
EUVD-2022-6453
Malicious code in bioql PyPI...
CVE-2018-25045
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
SUSE CVE-2018-25045
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
Django REST framework XSS Vulnerability
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
GHSA-XQCF-HJ92-967M Django REST framework XSS Vulnerability
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
CVE-2018-25045
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
UBUNTU-CVE-2018-25045
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
CVE-2018-25045
Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...
PYSEC-2021-120
Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped...
PYSEC-2021-120
Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped...
GHSA-57H7-R3Q3-W57J Cross-Site Scripting
Django-Rest-Framework, before 3.9.1, has a XSS vulnerability caused by disabled autoescaping in the default DRF Browsable API view templates...
Cross-Site Scripting
Django-Rest-Framework, before 3.9.1, has a XSS vulnerability caused by disabled autoescaping in the default DRF Browsable API view templates...
Django vulnerable to XSS on 500 pages
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
CVE-2016-10547
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting XSS vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as name=alert1, it is possible to...
CVE-2017-12794
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
Cross site scripting
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
DEBIAN-CVE-2017-12794
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
CVE-2017-12794
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
CVE-2017-12794
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...