Lucene search
GoogleOSV:PYSEC-2022-7HistoryJan 12, 2022 - 1:15 p.m.
PYSEC-2022-7
2022-01-1213:15:00
Google
osv.dev
3
0.001 Low
EPSS
Percentile
24.8%
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| django-cms | eq | 3.6.0 | |
| django-cms | eq | 3.4.5 | |
| django-cms | eq | 3.7.1 | |
| django-cms | eq | 3.5.0 | |
| django-cms | eq | 3.4.4 | |
| django-cms | eq | 3.4.1 | |
| django-cms | eq | 3.5.2 | |
| django-cms | eq | 3.4.2 | |
| django-cms | eq | 3.5.3 | |
| django-cms | eq | 3.4.3 |
Related
nvd
nvd
CVE-2021-44649
2022-01-12 13:15:07
cve
cve
CVE-2021-44649
2022-01-12 13:15:07
cnvd
cnvd
Django Cross-Site Scripting Vulnerability (CNVD-2022-08043)
2022-01-16 00:00:00
cvelist
cvelist
CVE-2021-44649
2022-01-12 12:57:19
github
github
Cross-site Scripting in django-cms
2022-01-13 20:10:53
osv
osv
Cross-site Scripting in django-cms
2022-01-13 20:10:53
prion
prion
Cross site scripting
2022-01-12 13:15:00