RSS   Podatności dla 'Django cms'   RSS

2022-01-12
 
CVE-2021-44649

CWE-79
 
 
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.

 
2017-08-18
 
CVE-2015-5081

 
 
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.

 

Copyright 2024, cxsecurity.com

 

Back to Top