CVE-2020-13596
Published 2020-06-03
Medium, 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | python-django | < python-django 2:2.2.13-1 (bookworm) | python-django 2:2.2.13-1 (bookworm) |
| djangoproject | django | >= 2.2 < 2.2.13 | 2.2.13 |
| djangoproject | django | >= 2.2a1 < 2.2.13 | 2.2.13 |
| djangoproject | django | >= 3.0 < 3.0.7 | 3.0.7 |
| djangoproject | django | >= 3.0a1 < 3.0.7 | 3.0.7 |
| fedoraproject | fedora | — | — |
| oracle | zfs_storage_appliance_kit | — | — |
CVSS provenance
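| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| osv | — | 6.1 | MEDIUM | — |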