Unknown · Django Template Engine · CVE-2024-22199
**Name of the Vulnerable Software and Affected Versions**
Django template engine for Fiber versions prior to the latest patched version
**Description**
This issue affects web applications that render user-supplied data through the Fiber Django template engine: because output was not escaped by default, markup contained in that data could be reflected into pages and executed as script in visitors' browsers, i.e. Cross-Site Scripting (XSS). The patched template engine now defaults to `autoescape` set to `true`, which mitigates the risk of XSS attacks.
**Recommendations**
For versions prior to the latest patched version, upgrade to the latest version of the Django template engine for Fiber, where this security update is implemented.
As a temporary workaround for users unable to upgrade immediately, enable autoescaping manually within individual Django templates by wrapping the output in the tags that control autoescape behaviour, i.e. `{% autoescape on %}` ... `{% endautoescape %}`.
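The following example, added here and not part of the advisory or of the gofiber/template project, illustrates what the default described above changes. It does not use the Fiber Django engine itself; instead it uses Go's standard library `text/template` (no escaping, mirroring `autoescape` off) and `html/template` (contextual escaping, mirroring `autoescape` on) to render one constructed untrusted value into the same page template. In the Fiber Django engine the equivalent effect is obtained by upgrading or by the `{% autoescape on %}` workaround above; the template, the sample input and the helper names are assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	"strings"
	texttemplate "text/template"
)

// Constructed sample of user-supplied data, e.g. a display name submitted
// through a form. It is not taken from the advisory.
const untrustedName = `<script>alert(1)</script>`

// Assumed page template. Go's standard library uses {{ }} interpolation like
// the Django-style syntax the Fiber engine implements, so the shape of the
// problem is the same: a value is dropped into HTML text.
const page = `<p>Hello, {{.Name}}!</p>`

type viewData struct{ Name string }

// renderUnescaped mirrors an engine whose autoescape is off: the value is
// interpolated verbatim, so markup in the input becomes live markup in the page.
func renderUnescaped(name string) (string, error) {
	t, err := texttemplate.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, viewData{Name: name}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// renderEscaped mirrors autoescape on: html/template escapes the value for
// the HTML text context it lands in, so "<" becomes "&lt;" and the browser
// shows the string instead of executing it.
func renderEscaped(name string) (string, error) {
	t, err := htmltemplate.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, viewData{Name: name}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// containsRawScript is the kind of assertion a project's test suite can keep
// after upgrading: untrusted data must never reach the page as a live <script>
// tag. It is a simple substring check, not a full HTML parser.
func containsRawScript(rendered string) bool {
	return strings.Contains(strings.ToLower(rendered), "<script")
}

func main() {
	raw, _ := renderUnescaped(untrustedName)
	safe, _ := renderEscaped(untrustedName)
	fmt.Println("autoescape off:", raw, "| raw script present:", containsRawScript(raw))
	fmt.Println("autoescape on: ", safe, "| raw script present:", containsRawScript(safe))
}
```

Run it as a plain `go run` program: the first line shows the injected tag surviving into the page, the second shows it neutralised to `&lt;script&gt;alert(1)&lt;/script&gt;`. The check in `containsRawScript` is deliberately crude; it is meant as a regression guard in a test suite, with the real protection being the engine's default escaping.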