CVE-2024-22199— Django Template Engine Vulnerable to XSS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-22199
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Django Template Engine Vulnerable to XSS
Source: NVD (National Vulnerability Database)
Vulnerability Description
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed, the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Fiber 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Fiber是一款使用Go语言编写的开源Web框架。 Fiber template 3.1.9之前版本存在安全漏洞,该漏洞源于存在跨站脚本(XSS)漏洞。攻击者可利用该漏洞在浏览器中执行恶意脚本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2024-22199
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-22199
请登录查看更多情报信息。
- https://github.com/gofiber/template/security/advisories/GHSA-4mq2-gc4j-cmw6x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2024-22199
IV. Related Vulnerabilities
Same vendor: gofiber
- CVE-2026-30246
github.com/gofiber/fiber/v3 cache middleware can mix respons - CVE-2026-25899
Fiber is Vulnerable to Denial of Service via Flash Cookie Un - CVE-2026-25891
Fiber has an Arbitrary File Read in Static Middleware on Win - CVE-2026-25882
Fiber has a Denial of Service Vulnerability via Route Parame - CVE-2025-66630
Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID()
Same weakness: CWE-20
V. Comments for CVE-2024-22199
No comments yet