Cross-Site Scripting (XSS) Vulnerability in Django REST Framework's Browseable API Viewer

Cross-Site Scripting (XSS) Vulnerability in Django REST Framework's Browseable API Viewer

CVE-2020-25626 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.

Learn more about our Api Penetration Testing.