Improper Context Encoding in Django Template Tag Leads to XSS Vulnerability
CVE-2022-22818 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
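
One way to check a deployment against the affected ranges above and to locate templates that use the tag. This is an added example, not code from the Django project or from this advisory. The function names and sample templates are hypothetical, and release series the advisory does not list return None rather than a verdict.

```python
import re

# Fixed patch release per series, taken from the advisory text above.
FIXED = {(2, 2): 27, (3, 2): 12, (4, 0): 2}

# Matches {% debug %} with any spacing inside the tag delimiters.
DEBUG_TAG = re.compile(r"\{%\s*debug\s*%\}")
VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def is_affected(version):
    """True/False for the series the advisory lists, None for any other series."""
    m = VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Django version: {version!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return None  # series not covered by the advisory; no claim made
    return patch < fixed_patch


def find_debug_tags(templates):
    """Return sorted (name, line_number) pairs where {% debug %} appears."""
    hits = []
    for name, source in templates.items():
        for lineno, line in enumerate(source.splitlines(), start=1):
            if DEBUG_TAG.search(line):
                hits.append((name, lineno))
    return sorted(hits)


def audit(version, templates):
    """Exposure needs both an affected version and a template using the tag."""
    affected = is_affected(version)
    hits = find_debug_tags(templates)
    return {"affected_version": affected, "debug_tags": hits,
            "exposed": bool(affected and hits)}


# Constructed sample templates (not from any real project).
SAMPLE_TEMPLATES = {
    "base.html": "<html>\n<body>{% block content %}{% endblock %}</body>\n</html>",
    "profile.html": "<h1>{{ user.name }}</h1>\n<pre>{%debug%}</pre>",
    "footer.html": "<!-- debugging notes -->\n{% debug %}",
}

if __name__ == "__main__":
    print(audit("3.2.11", SAMPLE_TEMPLATES))
```

The scan is line-based and will also flag a tag that sits inside a template comment, so treat hits as candidates for review.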