Description
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
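A simplified model of the flaw described above, added here as an illustration and not Django's own code: a debug dump of the template context written into HTML without encoding, beside the encoded form, plus a check of a version string against the fixed releases named above. The function names and the sample context are assumptions made for this example, and the version check assumes plain numeric x.y[.z] strings.

```python
import html
from pprint import pformat

# Constructed sample context: "bio" stands for a value a user controls.
SAMPLE_CONTEXT = {"user": "alice", "bio": "<script>alert(1)</script>"}

# First fixed patch release per affected series, taken from the description above.
FIXED_PATCH = {(2, 2): 27, (3, 2): 12, (4, 0): 2}


def render_debug_unescaped(context):
    """Model of the flaw: the context dump goes into the page as-is."""
    return "<pre>" + pformat(context) + "</pre>"


def render_debug_escaped(context):
    """Hardened form: HTML-encode the dump before it reaches the page."""
    return "<pre>" + html.escape(pformat(context)) + "</pre>"


def contains_raw_markup(rendered):
    """True if the dump between the <pre> tags still holds a literal < or >."""
    body = rendered[len("<pre>"):-len("</pre>")]
    return "<" in body or ">" in body


def is_affected(version):
    """True/False for the series named in the description, None for others."""
    parts = version.split(".")
    major, minor = int(parts[0]), int(parts[1])
    patch = int(parts[2]) if len(parts) > 2 else 0
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return None  # series not covered by this description
    return patch < fixed


if __name__ == "__main__":
    print(render_debug_unescaped(SAMPLE_CONTEXT))
    print(render_debug_escaped(SAMPLE_CONTEXT))
    for v in ("2.2.26", "3.2.12", "4.0.1"):
        print(v, "affected" if is_affected(v) else "not affected")
```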
Remediation
References
Related Vulnerabilities
SharePoint Out-of-bounds Write Vulnerability (CVE-2018-0792)
WordPress Plugin Contact Form 7 International Sms Integration Cross-Site Scripting (1.2)
Joomla! Core 3.0.x Clickjacking Vulnerability (3.0.0 - 3.0.1)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-32567)
Python Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4944)