Description
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
Remediation
References
Related Vulnerabilities
WordPress Plugin Multi Rating Multiple Vulnerabilities (5.0.5)
WordPress Plugin Kish Guest Posting 'uploadify.php' Arbitrary File Upload (1.2)
WordPress Plugin WP Support Plus Responsive Ticket System Security Bypass (7.1.4)
MyBB Other Vulnerability (CVE-2010-4628)
WordPress Plugin MasterStudy LMS-for Online Courses and Education Security Bypass (3.2.13)