CVE-2021-44649
Description
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.
Risk Information
Base Score: 5.4 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 0.33
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-44649 are fixed in Python-django-cms 3.4.7 | Windows |
| Vulnerabilities CVE-2021-44649 are fixed in Python-django-cms 3.5.4 | Windows |
| Vulnerabilities CVE-2021-44649 are fixed in Python-django-cms 3.6.1 | Windows |
| Vulnerabilities CVE-2021-44649 are fixed in Python-django-cms 3.7.4 | Windows |
| Vulnerabilities CVE-2021-44649 are fixed in Python-django-cms for linux 3.4.7 | Linux |
| Vulnerabilities CVE-2021-44649 are fixed in Python-django-cms for linux 3.5.4 | Linux |
| Vulnerabilities CVE-2021-44649 are fixed in Python-django-cms for linux 3.6.1 | Linux |
| Vulnerabilities CVE-2021-44649 are fixed in Python-django-cms for linux 3.7.4 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234