PT-2022-28290 — XSS in Unknown Django-Jsonform

PT-2022-28290 · Unknown · Django-Jsonform

Published

2022-06-10

Updated

2022-06-10

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions django-jsonform versions prior to 2.10.1

Description The issue allows for XSS attacks due to the storage of raw JSON data in a hidden textarea on the admin page, which is unescaped using the safe template filter. This affects admin pages where django-jsonform is rendered.

Recommendations For versions prior to 2.10.1, upgrade to django-jsonform version 2.10.1 or later.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-80CWE-79

Related Identifiers

GHSA-X9JP-4W8M-4F3C

Affected Products

Django-Jsonform

PT-2022-28290 · Unknown · Django-Jsonform

Weakness Enumeration

Related Identifiers

Affected Products

References · 3