CVE-2020-13596 - log

CVE-2020-13596 edited at 05 Jun 2020 13:25:46
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site scripting
Description
+ A possible XSS has been found in Django before 3.0.7, via admin ForeignKeyRawIdWidget. Query parameters for the admin ForeignKeyRawIdWidget were not properly URL encoded, posing an XSS attack vector.
References
+ https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38
Notes
CVE-2020-13596 created at 05 Jun 2020 13:22:41