Django · Django · CVE-2017-12794
**Name of the Vulnerable Software and Affected Versions**
Django versions 1.10.x through 1.10.7
Django versions 1.11.x through 1.11.4
**Description**
Django disabled HTML autoescaping in part of the template for the technical 500 debug page, the detailed traceback page rendered for an unhandled exception. Under the right circumstances, attacker-influenced data that ends up in that part of the page is emitted without escaping, allowing a cross-site scripting attack against whoever views it. The page is only rendered when `DEBUG = True`, so correctly configured production sites (which should always run with `DEBUG = False`) are unlikely to be affected; development, staging, and any misconfigured production deployment that serves the debug page are exposed.
**Recommendations**
For Django versions 1.10.x through 1.10.7, update to version 1.10.8 or later.
For Django versions 1.11.x through 1.11.4, update to version 1.11.5 or later.
Independently of the upgrade, `DEBUG` must be `False` in production settings. This is a baseline requirement rather than a workaround for this issue; with it in place the technical 500 page is never rendered, so the vulnerable template code is unreachable. Keep `DEBUG = True` confined to local development and upgrade those environments as well, since a developer viewing the debug page is the audience such an attack would target.
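The advisory's two facts, the affected version ranges and the `DEBUG` gate, can be combined into a small offline check. The following is an added example, not part of the advisory or of Django; the function names, the status strings, and the settings fragments it parses are this example's own constructions.

```python
"""Added example (not from the advisory or from Django): decide whether a
deployment is actually exposed to CVE-2017-12794 from its Django version
string and the DEBUG value in its settings module."""
import ast
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# First affected and first fixed release per series, taken from the advisory.
# Series not listed here (1.8, 1.9, 2.0+ ...) are reported as not affected only
# because the advisory does not name them; it says nothing about EOL branches.
AFFECTED_RANGES = {
    (1, 10): ((1, 10, 0), (1, 10, 8)),
    (1, 11): ((1, 11, 0), (1, 11, 5)),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(version: str) -> Version:
    """Parse a final release string ('1.11.4', or '1.11' meaning 1.11.0).

    Pre-release strings such as '1.11.5rc1' are rejected rather than guessed
    at: an rc may or may not carry the fix, so it must not be treated as fixed.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"not a final release version string: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def version_is_affected(version: str) -> bool:
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    rng = AFFECTED_RANGES.get(v[:2])
    if rng is None:
        return False
    first, fixed = rng
    return first <= v < fixed


def debug_setting_from_source(settings_source: str) -> Optional[bool]:
    """Return the literal value of the last top-level `DEBUG = True/False`
    assignment in a settings.py source.

    Returns None when DEBUG is absent (Django's default is False, but a split
    settings layout may set it in another module) or when it is computed at
    runtime (e.g. from an environment variable); in both cases only a runtime
    check of django.conf.settings.DEBUG is reliable.
    """
    found: Optional[bool] = None
    for node in ast.parse(settings_source).body:
        if not isinstance(node, ast.Assign):
            continue
        if any(isinstance(t, ast.Name) and t.id == "DEBUG" for t in node.targets):
            value = node.value
            if isinstance(value, ast.Constant) and isinstance(value.value, bool):
                found = value.value
            else:
                found = None  # not a literal: unknown until runtime
    return found


def assess(version: str, debug: Optional[bool]) -> str:
    """Combine version and DEBUG into one status string:
    'not-affected'           - version outside the advisory's ranges
    'exposed'                - affected version and DEBUG = True (page reachable)
    'affected-debug-off'     - affected version but DEBUG = False (page never served)
    'affected-debug-unknown' - affected version, DEBUG must be checked at runtime
    """
    if not version_is_affected(version):
        return "not-affected"
    if debug is None:
        return "affected-debug-unknown"
    return "exposed" if debug else "affected-debug-off"


# Constructed settings fragments for the demonstration (not real project files).
DEV_SETTINGS = "SECRET_KEY = 'x'\nDEBUG = True\nALLOWED_HOSTS = []\n"
PROD_SETTINGS = "DEBUG = True\n# overridden below, as in many split settings files\nDEBUG = False\n"
ENV_SETTINGS = "import os\nDEBUG = os.environ.get('DJANGO_DEBUG') == '1'\n"

if __name__ == "__main__":
    for label, source in (("dev", DEV_SETTINGS), ("prod", PROD_SETTINGS), ("env", ENV_SETTINGS)):
        for ver in ("1.10.7", "1.11.4", "1.11.5"):
            print(f"{label:4s} Django {ver}: {assess(ver, debug_setting_from_source(source))}")
```

Static parsing of settings.py is a triage aid only: many projects derive `DEBUG` from the environment, which this check reports as unknown, so the authoritative answer comes from `django.conf.settings.DEBUG` in the running process (or `python -c "import django; print(django.get_version())"` for the version).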