Lucene search
K

71 matches found

OSV
OSV
added 2022/01/13 8:10 p.m.4 views

GHSA-HX7C-QPFQ-XCRP Cross-site Scripting in django-cms

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

5.4CVSS6.4AI score0.00617EPSS
Exploits1References6
NVD
NVD
added 2022/01/12 1:15 p.m.30 views

CVE-2021-44649

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

5.4CVSS0.00617EPSS
Exploits1References2
OSV
OSV
added 2022/01/12 1:15 p.m.6 views

CVE-2021-44649

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

5.4CVSS5.4AI score
Exploits0References2
Prion
Prion
added 2022/01/12 1:15 p.m.17 views

Cross site scripting

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

3.5CVSS5.4AI score0.00617EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/01/12 1:15 p.m.9 views

PYSEC-2022-7

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

5.4CVSS6.4AI score0.00617EPSS
Exploits1References3
PyPA
PyPA
added 2022/01/12 1:15 p.m.7 views

PYSEC-2022-7

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

5.4CVSS6.5AI score0.00617EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/01/12 12:57 p.m.30 views

CVE-2021-44649

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

5.7AI score0.00617EPSS
Exploits1References2
CVE
CVE
added 2022/01/12 12:57 p.m.73 views

CVE-2021-44649

CVE-2021-44649 affects Django CMS 3.7.3, where the plugin_type parameter is not validated when generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability that can execute arbitrary JavaScript in the affected user’s browser. The available connecte...

5.4CVSS5.4AI score0.00617EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2021/06/08 6:15 p.m.4 views

aimmo (>=0.61.9 <=0.69.10b450), ambition-edc (>=0.3.68 <=0.3.72) +65 more potentially affected by CVE-2021-33571 via django (>=2.2.0 <=2.2.22)

django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2021-33571 Source advisory: OSV:PYSEC-2021-99...

7.5CVSS7AI score0.03058EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/06/05 4:24 p.m.9 views

ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13596 via django (>=2.2.0 <=2.2.12)

django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13596 Source advisory: OSV:GHSA-2M34-JCJV-45XF...

6.1CVSS6.7AI score0.02873EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/06/05 4:20 p.m.5 views

ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13254 via django (>=2.2.0 <=2.2.12)

django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13254 Source advisory: OSV:GHSA-WPJR-J57X-WXFW...

5.9CVSS6.7AI score0.0609EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/04/05 4:53 p.m.18 views

CVE-2015-5081

Cross-site request forgery CSRF vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors...

8.8CVSS6.8AI score0.01036EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/21 12:0 a.m.4 views

django CMS Cross-Site Request Forgery Vulnerability

Django CMS is Django Software Foundation of a set of open source based on the Django framework for content management systems . Django CMS suffers from a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and can targe...

8.8CVSS8.7AI score0.01036EPSS
Exploits0References1
Prion
Prion
added 2017/08/18 6:29 p.m.10 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors...

6.8CVSS7.3AI score0.01036EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/08/18 6:0 p.m.21 views

CVE-2015-5081

Cross-site request forgery CSRF vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors...

8.7AI score0.01036EPSS
Exploits0References3
CVE
CVE
added 2017/08/18 6:0 p.m.59 views

CVE-2015-5081

CVE-2015-5081 affects django CMS; CSRF vulnerability allows remote attackers to influence privileged users into performing unknown actions. Affected versions include 3.0.x before 3.0.14 and 3.1.x before 3.1.1. Root cause details are not fully disclosed in the provided documents. Remediation: upgr...

8.8CVSS8.6AI score0.01036EPSS
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2016/08/01 12:0 a.m.20 views

django CMS 3.3.0 - (Editor, Snippet) stored XSS

No description provided by source...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2016/07/20 12:0 a.m.58 views

Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting

Document Title: =============== Django CMS v3.3.0 - Editor Snippet Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1869 Security Release: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/...

6.1CVSS6.6AI score0.05536EPSS
Exploits6
0day.today
0day.today
added 2016/07/20 12:0 a.m.78 views

Django CMS 3.3.0 - (Editor Snippet) Persistent Cross-Site Scripting

Exploit for php platform in category web applications Document Title: =============== Django CMS v3.3.0 - Editor Snippet Persistent Web Vulnerability Security Release: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6186...

4.3CVSS6.6AI score0.05536EPSS
Exploits6
exploitpack
exploitpack
added 2016/07/20 12:0 a.m.46 views

Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting

Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting Document Title: =============== Django CMS v3.3.0 - Editor Snippet Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1869 Security Release:...

4.3CVSS6.3AI score0.05536EPSS
Exploits6
Rows per page
Query Builder