CVE-2024-11404

Published Nov 20, 2024

Last updated 3 months ago

CVSS medium 5.5

Overview

Description
Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3.
Source
iletisim@usom.gov.tr
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
5.5
Impact score
3.4
Exploitability score
2.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Severity
MEDIUM

Weaknesses

iletisim@usom.gov.tr
CWE-20

Social media

Hype score
Not currently trending

  1. 🚀 Excited to announce that I’ve identified two new vulnerabilities during my testing of Django CMS and have been assigned CVEs for both! 🎉 📌 Vulnerabilities Identified: CVE-2024-11404 - https://t.co/3hzVoM4x67 CVE-2024-11406 - https://t.co/q6qpFOmLSb #CVE

    @iltosec

    20 Nov 2024

    77 Impressions

    0 Retweets

    6 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

References