Cross-site Scripting in django-cms

2022-01-1320:10:53

Google

osv.dev

0.001 Low

EPSS

Percentile

24.8%

JSON

Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.

CPENameOperatorVersion
django-cmseq3.6.0
django-cmseq3.7.1
django-cmseq3.4.5
django-cmseq3.5.0
django-cmseq3.5.2
django-cmseq3.5.3
django-cmseq3.4.1
django-cmseq3.4.2
django-cmseq3.4.4
django-cmseq3.4.3

Name	Operator	Version
django-cms	eq	3.6.0
django-cms	eq	3.7.1
django-cms	eq	3.4.5
django-cms	eq	3.5.0
django-cms	eq	3.5.2
django-cms	eq	3.5.3
django-cms	eq	3.4.1
django-cms	eq	3.4.2
django-cms	eq	3.4.4
django-cms	eq	3.4.3