Description
The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.
References (2)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/adamghill/django-unicorn/commit/3a832a9e3f6455ddd3b87f646247269918ad10c6
Patch, Third Party Advisory x_refsource_misc
https://github.com/adamghill/django-unicorn/compare/0.36.0...0.36.1
Scores
CVSS v3
6.1
EPSS
0.0068
EPSS Percentile
47.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
django-unicorn/unicorn
< 0.36.1
pypi/django-unicorn
0 - 0.36.1 PyPI
Published
Oct 11, 2021
Tracked Since
Feb 18, 2026