Cross-site scripting in django
Moderate severity
GitHub Reviewed
Published
Jul 23, 2018
to the GitHub Advisory Database
•
Updated Sep 16, 2024
Description
Published to the GitHub Advisory Database
Jul 23, 2018
Reviewed
Jun 16, 2020
Last updated
Sep 16, 2024
Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.
References