| Vulnerability ID | VCID-55pq-1wqc-skas |
| Aliases | GHSA-57h7-r3q3-w57j |
| Summary | Cross-Site Scripting: Django-Rest-Framework, before 3.9.1, has an XSS vulnerability caused by disabled autoescaping in the default DRF Browsable API view templates. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
There are no known CWEs.
| System | Score | Found at |
|---|---|---|
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-57h7-r3q3-w57j |
| generic_textual | MODERATE | https://github.com/encode/django-rest-framework/commit/343ce4a03cad02631752a5e9bde26218fd647c14 |
| generic_textual | MODERATE | https://github.com/encode/django-rest-framework/commit/75a489150ae24c2f3c794104a8e98fa43e2c9ce9 |
| generic_textual | MODERATE | https://github.com/encode/django-rest-framework/pull/6330 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-04-01T13:01:16.221659+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/02/GHSA-57h7-r3q3-w57j/GHSA-57h7-r3q3-w57j.json | 38.0.0 |