Description
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
Remediation
References
Related Vulnerabilities
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-31216)
WordPress 6.1.x Multiple Vulnerabilities (6.1 - 6.1.4)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3126)
Lighttpd Use After Free Vulnerability (CVE-2013-4560)
Oracle Application Server CVE-2009-1010 Vulnerability (CVE-2009-1010)