Description
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
Remediation
References
Related Vulnerabilities
WordPress Plugin Active Extra Fields Cross-Site Scripting (1.0.1)
Oracle Database Server CVE-2012-3146 Vulnerability (CVE-2012-3146)
WordPress Plugin iPages Flipbook For WordPress Cross-Site Scripting (1.4.2)
WordPress Plugin WP Email Template PHP Object Injection (2.4.0)
Envoy Proxy Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-8660)