Description
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
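To make the weakness concrete, the following is an added illustration (not Django's own code, and not taken from this page) of the pattern described above: a fallback 404 body that interpolates the request path into HTML, beside a hardened version that either omits the path or percent-encodes and HTML-escapes it before use. The `FALLBACK_404` string, the function names and the sample path are all constructed for this example.

```python
from html import escape
from urllib.parse import quote

# Constructed minimal "not found" page; this is an assumed stand-in,
# not Django's actual default template.
FALLBACK_404 = (
    "<h1>Not Found</h1>"
    "<p>The requested URL {path} was not found on this server.</p>"
)


def unsafe_not_found_body(request_path: str) -> str:
    """Vulnerable pattern (the class of bug in the description).

    The raw request path is placed into the HTML body, so any text or
    markup an attacker puts in a URL is reproduced verbatim on a page
    served from the trusted origin: a content-spoofing sink.
    """
    return FALLBACK_404.format(path=request_path)


def safe_not_found_body(request_path: str, show_path: bool = False) -> str:
    """Hardened pattern.

    By default the path is not displayed at all, so the page contains
    nothing attacker-controlled. If a site still wants to echo the path,
    percent-encode it first (angle brackets, quotes and spaces become
    %XX sequences, which cannot read as a sentence or form tags), then
    HTML-escape the result as defence in depth.
    """
    if not show_path:
        return (
            "<h1>Not Found</h1>"
            "<p>The requested page was not found on this server.</p>"
        )
    neutralized = escape(quote(request_path, safe="/"))
    return FALLBACK_404.format(path=neutralized)


def path_is_neutralized(body: str) -> bool:
    """Cheap check a reviewer or test can run on a rendered error page:
    the only tags present should be the ones the template itself emits."""
    allowed = {"<h1>", "</h1>", "<p>", "</p>"}
    stripped = body
    for tag in allowed:
        stripped = stripped.replace(tag, "")
    return "<" not in stripped and ">" not in stripped


if __name__ == "__main__":
    # Constructed sample of a crafted path carrying markup.
    crafted = "/docs/<b>spoofed notice</b>"
    print(unsafe_not_found_body(crafted))
    print(safe_not_found_body(crafted, show_path=True))
    print(safe_not_found_body(crafted))
```

The `show_path=False` default mirrors the more conservative remediation choice: an error page that never reflects the URL has no spoofing surface at all, while the quoting branch covers custom templates that want to keep displaying it.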
Remediation
References
Related Vulnerabilities
TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-31046)
Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-43560)
WordPress Plugin WooCommerce Potential PHP Object Injection (3.4.4)
WordPress Plugin Email Queue by BestWebSoft Cross-Site Scripting (1.1.1)
XWiki Improper Authentication Vulnerability (CVE-2022-36093)