Vulnerability Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS.This issue affects django CMS Attributes Fields: before 4.0.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/django-cms/djangocms-attributes-field/commit/fe68d29ab78db588
- https://iltosec.com/blog/post/djangocms-attributes-field-300-stored-xss-vulnerab
- https://pypi.org/project/djangocms-attributes-field/#history
- https://www.django-cms.org/en/blog/2024/11/19/security-updates-for-django-filer-
- https://www.usom.gov.tr/bildirim/tr-24-1864
FAQ
What is CVE-2024-11406?
CVE-2024-11406 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS.This issue affects dj...
How severe is CVE-2024-11406?
CVE-2024-11406 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-11406?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.