Django · Django · CVE-2022-22818
**Name of the Vulnerable Software and Affected Versions**
Django versions 2.2 before 2.2.27
Django versions 3.2 before 3.2.12
Django versions 4.0 before 4.0.2
**Description**
The `{% debug %}` template tag in Django does not properly encode the current context it renders, which may lead to XSS. Because that output reaches the page unencoded, the structure of the generated web page is not protected, and a remote attacker could use it to conduct a cross-site scripting attack.
**Recommendations**
For Django versions 2.2 before 2.2.27, update to version 2.2.27 or later.
For Django versions 3.2 before 3.2.12, update to version 3.2.12 or later.
For Django versions 4.0 before 4.0.2, update to version 4.0.2 or later.
As a temporary workaround, consider disabling the `{% debug %}` template tag until you can upgrade to a fixed version.
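As an added example (not code from the Django project or from this advisory), the following Python script checks a Django version string against the affected ranges listed above and locates `{% debug %}` tags in a template tree so they can be removed while the upgrade is rolled out. The template root path, the `.html` suffix filter and the script name are assumptions.

```python
import re
import sys
from pathlib import Path
from typing import Iterator, List, Tuple

# Affected series and the first fixed release of each, taken from the advisory.
AFFECTED_RANGES = {
    (2, 2): (2, 2, 27),
    (3, 2): (3, 2, 12),
    (4, 0): (4, 0, 2),
}
# Matches the tag with or without whitespace inside the delimiters, e.g. {%debug%}.
DEBUG_TAG = re.compile(r"{%\s*debug\s*%}")

def parse_version(version: str) -> Tuple[int, ...]:
    """'3.2.11' -> (3, 2, 11). A pre-release suffix such as '3.2.12rc1' is dropped,
    so a pre-release is treated as its final release; adjust if you ship pre-releases."""
    parts: List[int] = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if digits is None:
            break
        parts.append(int(digits.group()))
    return tuple(parts)

def is_affected(version: str) -> bool:
    """True when the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    fixed = AFFECTED_RANGES.get(v[:2])
    # Tuple ordering makes (3, 2) < (3, 2, 12) true, so a bare '3.2' counts as affected.
    return fixed is not None and v < fixed

def debug_tag_lines(template_source: str) -> List[int]:
    """1-based line numbers of every {% debug %} tag in one template's source."""
    return [n for n, line in enumerate(template_source.splitlines(), 1) if DEBUG_TAG.search(line)]

def find_debug_tags(template_root: Path, suffix: str = ".html") -> Iterator[Tuple[Path, int]]:
    """Walk the template tree (assumed layout) and yield (file, line) for each tag occurrence."""
    for path in sorted(p for p in template_root.rglob("*") if p.suffix == suffix):
        for lineno in debug_tag_lines(path.read_text(errors="replace")):
            yield path, lineno

if __name__ == "__main__":
    # Usage: python check_debug_tag.py <django-version> <template-root>
    version, root = sys.argv[1], Path(sys.argv[2])
    print(f"Django {version}: {'AFFECTED' if is_affected(version) else 'not affected'}")
    for path, lineno in find_debug_tags(root):
        print(f"{path}:{lineno}: {{% debug %}} tag found; remove it before deploying")
```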