GrepRules
Sign inPublish rule
Explore/cve-2024-47063-django-httpresponse-json-xss

CVE-2024-47063: Django Httpresponse Json Xss

Returning JSON data via `HttpResponse` without explicitly setting the `content_type` defaults to `text/html`. If the JSON contains user-controlled input, an attacker could exploit this to perform Cross-Site Scripting (XSS) by tricking the browser into interpreting the JSON document as HTML. To fix this, use `django.http.JsonResponse` or explicitly pass `cont

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0Python
greprules fetch cve-2024-47063-django-httpresponse-json-xss --engine opengrep

Description

Returning JSON data via `HttpResponse` without explicitly setting the `content_type` defaults to `text/html`. If the JSON contains user-controlled input, an attacker could exploit this to perform Cross-Site Scripting (XSS) by tricking the browser into interpreting the JSON document as HTML. To fix this, use `django.http.JsonResponse` or explicitly pass `cont

License
Apache-2.0
Source context
Public repository
Source
Provally CVE rule catalog
Validation status
Verified
Quality signals
145 downloads0 direct145 via packs
· 0 stars · Quality score 77How quality works
Included packs
2 packs