71 matches found
GHSA-HX7C-QPFQ-XCRP Cross-site Scripting in django-cms
Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...
CVE-2021-44649
Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...
CVE-2021-44649
Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...
Cross site scripting
Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...
PYSEC-2022-7
Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...
PYSEC-2022-7
Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...
CVE-2021-44649
Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...
CVE-2021-44649
CVE-2021-44649 affects Django CMS 3.7.3, where the plugin_type parameter is not validated when generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability that can execute arbitrary JavaScript in the affected user’s browser. The available connecte...
aimmo (>=0.61.9 <=0.69.10b450), ambition-edc (>=0.3.68 <=0.3.72) +65 more potentially affected by CVE-2021-33571 via django (>=2.2.0 <=2.2.22)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2021-33571 Source advisory: OSV:PYSEC-2021-99...
ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13596 via django (>=2.2.0 <=2.2.12)
django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13596 Source advisory: OSV:GHSA-2M34-JCJV-45XF...
ambition-edc (>=0.3.68 <=0.3.72), caluma (>=5.2.1 <=5.6.0) +35 more potentially affected by CVE-2020-13254 via django (>=2.2.0 <=2.2.12)
django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =0.0.1, =0.0.1, =0.3.0a0, =0.0.1, =0.0.1, =0.0.26 and more Source cves: CVE-2020-13254 Source advisory: OSV:GHSA-WPJR-J57X-WXFW...
CVE-2015-5081
Cross-site request forgery CSRF vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors...
django CMS Cross-Site Request Forgery Vulnerability
Django CMS is Django Software Foundation of a set of open source based on the Django framework for content management systems . Django CMS suffers from a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, trick users into parsing them, and can targe...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors...
CVE-2015-5081
Cross-site request forgery CSRF vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors...
CVE-2015-5081
CVE-2015-5081 affects django CMS; CSRF vulnerability allows remote attackers to influence privileged users into performing unknown actions. Affected versions include 3.0.x before 3.0.14 and 3.1.x before 3.1.1. Root cause details are not fully disclosed in the provided documents. Remediation: upgr...
django CMS 3.3.0 - (Editor, Snippet) stored XSS
No description provided by source...
Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting
Document Title: =============== Django CMS v3.3.0 - Editor Snippet Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1869 Security Release: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/...
Django CMS 3.3.0 - (Editor Snippet) Persistent Cross-Site Scripting
Exploit for php platform in category web applications Document Title: =============== Django CMS v3.3.0 - Editor Snippet Persistent Web Vulnerability Security Release: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6186...
Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting
Django CMS 3.3.0 - Editor Snippet Persistent Cross-Site Scripting Document Title: =============== Django CMS v3.3.0 - Editor Snippet Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1869 Security Release:...