Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-22818)

Description

The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.

Remediation

References

CVE-2022-22818

Related Vulnerabilities

WordPress Plugin WangGuard Multiple Vulnerabilities (1.7.2)

WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.6)

WordPress Plugin Custom 404 Pro Unspecified Vulnerability (3.7.0)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-8747)

WebLogic Observable Discrepancy Vulnerability (CVE-2019-3739)

Severity

Medium

Classification

CVE-2022-22818 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N