Description
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
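The difference between an unencoded and an encoded query string, as an added example (not Django's own code and not part of the original advisory). The helper names and the sample parameters are constructed for illustration, and the standard-library urlencode stands in for the encoding step.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed sample: lookup parameters where one value carries
# URL-reserved and HTML-significant characters.
SAMPLE_PARAMS = {"status": 'x"><b>&is_staff=1', "site": "2"}


def build_query_unencoded(params):
    """Weak form: keys and values are joined as-is, with no URL encoding."""
    return "?" + "&".join(f"{k}={v}" for k, v in params.items())


def build_query_encoded(params):
    """Hardened form: every key and value is percent-encoded."""
    return "?" + urlencode(params)


def parsed_params(query):
    """Parse a query string back into the parameters a server would see."""
    return dict(parse_qsl(urlsplit(query).query, keep_blank_values=True))


def raw_markup_chars(query):
    """Return the HTML-significant characters left unencoded in the query."""
    return {ch for ch in query if ch in '"<>'}


if __name__ == "__main__":
    for build in (build_query_unencoded, build_query_encoded):
        query = build(SAMPLE_PARAMS)
        print(build.__name__)
        print("  query:       ", query)
        print("  parsed back: ", parsed_params(query))
        print("  raw markup:  ", sorted(raw_markup_chars(query)))
```

With the unencoded form, the value splits into an extra parameter and keeps its quote and angle-bracket characters; with the encoded form, the parameters round-trip unchanged and no such characters remain in the URL.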
Remediation
References