CVE-2020-13596 log

Source
Severity Medium
Remote Yes
Type Cross-site scripting
Description
A possible XSS has been found in Django before 3.0.7, via admin ForeignKeyRawIdWidget. Query parameters for the admin ForeignKeyRawIdWidget were not properly URL encoded, posing an XSS attack vector.
Group Package Affected Fixed Severity Status Ticket
AVG-1176 python-django 3.0.6-2 3.0.7-1 Medium Fixed
Date Advisory Group Package Severity Description
06 Jun 2020 ASA-202006-8 AVG-1176 python-django Medium multiple issues
References
https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38