There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field.