CVE-2018-25045
Django REST framework (django-rest-framework) before 3.9.1 is vulnerable to cross-site scripting (XSS) because the default Browsable API templates disable autoescaping. This causes unescaped content to be rendered in the Browsable API UI, enabling potential script injection when user-supplied dat...