CVE-2017-20182: 
Python vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in Mobile Vikings Django AJAX Utilities versions up to 1.2.1. The vulnerability affects the Pagination function in the file django_ajax/static/ajax-utilities/js/pagination.js, specifically in the Backslash Handler component. The issue was disclosed on March 9, 2023, and has been assigned CVE-2017-20182 (NVD).

The vulnerability stems from improper handling of the URL argument in the Pagination function. Modern browsers treat backslashes as normal slashes when used in URLs, allowing attackers to bypass XSS protection by using patterns like '#page:/\google.com' instead of '#page://google.com'. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD, Github Patch).

If exploited, this vulnerability could allow remote attackers to execute cross-site scripting attacks when users interact with the affected component. The attack can be initiated remotely and could lead to the disclosure of sensitive information or manipulation of web content presented to users (NVD).

A patch has been released and is available in commit 329eb1dd1580ca1f9d4f95bc69939833226515c9. The fix involves improving the URL validation to properly handle backslash characters. It is recommended to update to a patched version of the software (Github Patch).