CVE-2024-11319

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-11319

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-11319.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-11319

Aliases

GHSA-gv5h-5655-h4mv

Published

2024-11-18T12:15:17Z

Modified

2024-11-22T04:59:44.580868Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.

References

Affected packages

Git / github.com/django-cms/django-cms

Affected ranges

Type: GIT
Repo: https://github.com/django-cms/django-cms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

241d1cbe47a68f5d271ce4d27ad5e32e2c360ec3

Affected versions

2.*

2.0.0

2.0.1

2.0.2

2.1.0

2.1.0.beta2

2.1.0.rc1

2.1.0.rc2

2.1.0.rc3

2.1.0a-dev14

2.1.1

2.1.2

2.1.3

2.1.4

2.2

2.2b1

2.2rc1

2.2rc2

2.2rc3

2.3

2.3.1

2.3.2

2.3.2.rc1

2.3.3

2.3.4

2.3.5

2.3rc1

2.3rc2

2.4.0

2.4.0.beta

2.4.0.rc1

2.4.1

2.4.2

3.*

3.0

3.0.0.beta

3.0.0.beta2

3.0.0.beta3

3.0.1

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

3.0.15

3.0.16

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0c1

3.0c2

3.1

3.1.0b1

3.1.0rc1

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.2.0

3.2.0.rc1

3.2.0.rc10

3.2.0.rc11

3.2.0.rc12

3.2.0.rc13

3.2.0.rc14

3.2.0.rc2

3.2.0.rc3

3.2.0.rc4

3.2.0.rc5

3.2.0.rc6

3.2.0.rc7

3.2.0.rc8

3.2.0.rc9

3.2.1

3.2.2

3.2.3

3.3.0

3.3.0.rc1

3.3.0.rc2

3.3.0.rc3

3.3.0.rc4

3.4.0

3.4.0rc1

3.4.0rc2

3.4.0rc3

3.4.1

3.4.2

3.5.0

3.5.0rc1

3.5.1

3.5.2

4.*

4.0.0

4.0.0dev11

4.1.0

4.1.0rc1

4.1.0rc2

4.1.0rc3

4.1.0rc4

4.1.0rc5

4.1.1

Other

show

temporary