Django · Django-User-Sessions · CVE-2020-5224
**Name of the Vulnerable Software and Affected Versions**
django-user-sessions versions prior to 1.7.1
**Description**
The views provided by django-user-sessions let a user list their active sessions and terminate a specific one, and the raw session key of each session is rendered into the HTML of that page. On its own this is not a problem, since only the session owner sees the page. If the site also has an XSS vulnerability, however, injected script can read the session key out of the DOM and send it to the attacker; because the session key is the bearer credential Django accepts in the session cookie, the attacker can then present it from their own browser and take over the session.
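The following is an added example, not code from django-user-sessions or its 1.7.1 fix. It contrasts the pattern the advisory describes (the raw session key placed in the page as the handle used by the "terminate session" form) with a hardened rendering that references sessions through an opaque HMAC surrogate, which the delete view resolves back to a key server-side. The `SessionInfo` class, the sample keys, the secret and the URL layout are all constructed for the example; `html.escape` stands in for Django's template autoescaping.

```python
"""Added example: keep raw session keys out of rendered HTML by referencing
sessions through an HMAC surrogate (not django-user-sessions' own code)."""
import hashlib
import hmac
import html
from dataclasses import dataclass


@dataclass(frozen=True)
class SessionInfo:
    """Minimal stand-in for a django-user-sessions Session row (constructed)."""
    session_key: str
    ip: str
    user_agent: str


# Constructed sample data: a server secret (stand-in for settings.SECRET_KEY)
# and two sessions belonging to the same user. Neither key is real.
SECRET = b"example-secret-key-do-not-reuse"
SAMPLE_SESSIONS = [
    SessionInfo("k3l9x1v8m2q7p0r4t6w5y8u2i1o3a5s7", "203.0.113.10", "Firefox/122"),
    SessionInfo("c9d2e4f6g8h0j1k3l5m7n9p2q4r6s8t0", "198.51.100.7", "Chrome/121"),
]


def surrogate_id(session_key: str, secret: bytes) -> str:
    """Opaque per-session handle: HMAC-SHA256 of the key under a server secret.

    It cannot be inverted to recover the key, so script injected via XSS that
    reads it gains only the ability to call the delete view, which an XSS
    payload could do anyway, and not the ability to impersonate the user.
    """
    return hmac.new(secret, session_key.encode(), hashlib.sha256).hexdigest()


def render_vulnerable(sessions) -> str:
    """The pattern the advisory describes: the raw session key is written into
    the page (here as the form action) where injected script can read it."""
    rows = []
    for s in sessions:
        rows.append(
            f"<tr><td>{html.escape(s.ip)}</td><td>{html.escape(s.user_agent)}</td>"
            f'<td><form method="post" action="/sessions/{s.session_key}/delete/">'
            # a real Django template would also emit {% csrf_token %} here
            f"<button>End session</button></form></td></tr>"
        )
    return "<table>" + "".join(rows) + "</table>"


def render_hardened(sessions, secret: bytes) -> str:
    """Same list, but every reference to a session uses the surrogate, so the
    key itself never reaches the client."""
    rows = []
    for s in sessions:
        handle = surrogate_id(s.session_key, secret)
        rows.append(
            f"<tr><td>{html.escape(s.ip)}</td><td>{html.escape(s.user_agent)}</td>"
            f'<td><form method="post" action="/sessions/{handle}/delete/">'
            f"<button>End session</button></form></td></tr>"
        )
    return "<table>" + "".join(rows) + "</table>"


def resolve_surrogate(surrogate: str, sessions, secret: bytes):
    """Server side of the delete view: map the submitted handle back to a key
    by recomputing the HMAC over the *requesting user's* sessions only, so a
    handle can never select another user's session. Returns None if no match."""
    for s in sessions:
        if hmac.compare_digest(surrogate_id(s.session_key, secret), surrogate):
            return s.session_key
    return None


def leaks_session_key(page: str, sessions) -> bool:
    """Check a practitioner can run against real rendered output: does any
    session key of this user appear verbatim anywhere in the page?"""
    return any(s.session_key in page for s in sessions)


if __name__ == "__main__":
    print("vulnerable page leaks key:",
          leaks_session_key(render_vulnerable(SAMPLE_SESSIONS), SAMPLE_SESSIONS))
    print("hardened page leaks key:  ",
          leaks_session_key(render_hardened(SAMPLE_SESSIONS, SECRET), SAMPLE_SESSIONS))
```

A surrogate is needed rather than a plain row id because in Django's session model the session key is the primary key, so any "id" of the row is the key. The lookup in `resolve_surrogate` is scoped to the current user's own sessions; this is what prevents the handle from becoming a cross-user deletion vector, and `leaks_session_key` is the check to run over the real rendered template after applying any workaround.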
**Recommendations**
Upgrade to django-user-sessions 1.7.1 or later, which no longer renders the session key. If you cannot upgrade immediately, override the session list template so that the session key is not emitted anywhere in the page (including form actions and links), and verify the rendered output no longer contains it. Note that this only limits the impact of an XSS bug; the XSS itself still needs to be fixed.