Vulnerability CVE-2018-25045


Published: 2022-07-23

Description:
Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.

 References:
https://github.com/encode/django-rest-framework/pull/6191
https://github.com/encode/django-rest-framework/pull/6330
https://github.com/encode/django-rest-framework/commit/4bb9a3c48427867ef1e46f7dee945a4c25a4f9b8

Copyright 2026, cxsecurity.com

 

Back to Top