Your submission was sent successfully! Close

CVE-2020-13596

Published: 3 June 2020

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
python-django
Launchpad, Ubuntu, Debian
bionic
Released (1:1.11.11-1ubuntu1.9)
eoan
Released (1:1.11.22-1ubuntu1.4)
focal
Released (2:2.2.12-1ubuntu0.1)
precise Does not exist

trusty
Released (1.6.11-0ubuntu1.3+esm1)
upstream
Released (2.2.13,3.0.7)
xenial
Released (1.8.7-1ubuntu5.13)