← Volver a CVEs
CVE-2020-25626
MEDIUM6.1
Descripcion
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.
Detalles CVE
Puntuacion CVSS v3.16.1
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado9/30/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
debian:debian_linuxencode:django_rest_frameworkredhat:ceph_storage
Debilidades (CWE)
CWE-20CWE-79
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=1878635(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20201016-0003/(secalert@redhat.com)
https://www.debian.org/security/2022/dsa-5186(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1878635(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20201016-0003/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5186(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.