Cross-site scripting in django
Moderate severity
GitHub Reviewed
Published
Jul 23, 2018
to the GitHub Advisory Database
•
Updated May 19, 2026
Description
Published by the National Vulnerability Database
Feb 14, 2011
Published to the GitHub Advisory Database
Jul 23, 2018
Reviewed
Jun 16, 2020
Last updated
May 19, 2026
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
References