Description
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.