Advisories for Pypi/Django-User-Sessions package

2020

Inadequate Encryption Strength

In Django User Sessions (django-user-sessions), the provided views allow users to terminate specific sessions. The session key is used to identify sessions and is therefore included in the rendered HTML. In itself this is not a problem. However, if the website has an XSS vulnerability, the attacker could extract the session key from the page and take over the session.