XSS Vulnerability in Django REST Framework Browsable API View Templates

XSS Vulnerability in Django REST Framework Browsable API View Templates

CVE-2018-25045 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.

Learn more about our Api Penetration Testing.