Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django Filer
CVE-2024-11404

5.5MEDIUM

Key Information:

Vendor: Django Cms Association
Status: Django Filer
Vendor: CVE Published:; 20 November 2024

What is CVE-2024-11404?

Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3.

Affected Version(s)

django Filer 3 < 3.3

References

https://www.usom.gov.tr/bildirim/tr-24-1864

https://www.django-cms.org/en/blog/2024/11/19/security-up...

https://iltosec.com/blog/post/cve-2024-11404-medium-sever...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 20, 2024
Vulnerability Reserved
Nov 19, 2024

Credit

Ali ILTIZAR