CVE-2018-25045

MEDIUM

django-rest-framework < 3.9.1 - Cross-Site Scripting via Browsable API View Templates

Title source: llm
STIX 2.1

Description

Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.

References (3)

Core 3

Scores

CVSS v3 6.1
EPSS 0.0060
EPSS Percentile 44.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
django-rest-framework/django_rest_framework < 3.9.1
pypi/django-rest-framework 0 - 3.9.1PyPI
Published Jul 23, 2022
Tracked Since Feb 18, 2026