Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Django Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2017-12794 - Vulnerability Database
Django

Django Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2017-12794

Medium
Reference: CVE-2017-12794
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-12794
Title: Django Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances this allowed a cross-site scripting attack. This vulnerability shouldn39t affect most production sites since you shouldn39t run with quotDEBUG Truequot (which makes this page accessible) in your production settings.