vulnerability
FreeBSD: VID-aaab03be-932d-11e7-92d8-4b26fc968492 (CVE-2017-12794): Django -- possible XSS in traceback section of technical 500 debug page
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Sep 6, 2017 | Sep 7, 2017 | Dec 10, 2025 |
Description
Django blog: In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG = True (which makes this page accessible) in your production settings.
Solutions
- freebsd-upgrade-package-py27-django110
- freebsd-upgrade-package-py34-django110
- freebsd-upgrade-package-py35-django110
- freebsd-upgrade-package-py36-django110
- freebsd-upgrade-package-py27-django111
- freebsd-upgrade-package-py34-django111
- freebsd-upgrade-package-py35-django111
- freebsd-upgrade-package-py36-django111