CVE-2024-35180: Django Jsonp Callback Xss

Unvalidated JSONP callback parameter directly embedded in the response can lead to Reflected Cross-Site Scripting (XSS) or arbitrary code execution.

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0

Python

greprules fetch cve-2024-35180-django-jsonp-callback-xss --engine opengrep

Description

Unvalidated JSONP callback parameter directly embedded in the response can lead to Reflected Cross-Site Scripting (XSS) or arbitrary code execution.

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 145 downloads
0 direct145 via packs
· 0 stars · Quality score 80How quality works
Included packs: 2 packs

0 signals from signed-in users.