Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.
CPE | Name | Operator | Version |
---|---|---|---|
django_cms | ge | 3.7.0 | |
django_cms | lt | 3.7.4 | |
django_cms | ge | 3.6.0 | |
django_cms | lt | 3.6.1 | |
django_cms | ge | 3.5.0 | |
django_cms | lt | 3.5.4 | |
django_cms | ge | 3.4.0 | |
django_cms | lt | 3.4.7 |