Improper Context Encoding in Django Template Tag Leads to XSS Vulnerability

CVE-2022-22818 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
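A check a defender could run over a code base, as an added example that is not part of the advisory or of Django itself: it compares a Django version string against the fixed releases listed above and reports the template lines that use `{% debug %}`. The function names and the sample templates are constructed for illustration; release series the advisory does not name return `None`.

```python
import re

# First fixed patch release per series, taken from the advisory text above.
FIXED = {(2, 2): 27, (3, 2): 12, (4, 0): 2}

DEBUG_TAG = re.compile(r"\{%\s*debug\s*%\}")
VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")

# Constructed sample templates (not from any real project).
SAMPLE_TEMPLATES = {
    "base.html": "<html>\n<body>{% block content %}{% endblock %}</body>\n</html>",
    "profile.html": "<h1>{{ user.name }}</h1>\n<pre>{%debug%}</pre>\n{# debug #}",
}


def is_affected(version):
    """True/False for a series named in the advisory, None for any other series."""
    m = VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unparseable Django version: {version!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)  # "4.0" and "4.0rc1" count as patch level 0
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return None
    return patch < fixed_patch


def find_debug_tags(template_source):
    """Return the 1-based line numbers on which {% debug %} appears."""
    lines = template_source.splitlines()
    return [n for n, line in enumerate(lines, 1) if DEBUG_TAG.search(line)]


def audit(version, templates):
    """Map template name -> lines using {% debug %}, when the version is affected."""
    if is_affected(version) is not True:
        return {}
    hits = {name: find_debug_tags(src) for name, src in templates.items()}
    return {name: lines for name, lines in hits.items() if lines}


if __name__ == "__main__":
    for v in ("3.2.11", "3.2.12", "4.0.1"):
        print(v, is_affected(v), audit(v, SAMPLE_TEMPLATES))
```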
