SUSE CVE-2020-13596
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...
A vulnerability in the ForeignKeyRawIdWidget implementation in the Django library allows attackers to perform cross-site scripting attacks.
The vulnerability in the ForeignKeyRawIdWidget implementation in the Django library is related to insufficient protection of the web page structure. Exploiting this vulnerability could allow a remote attacker to perform cross-site scripting attacks...