GHSA-fvx8-79hx-x82f
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fvx8-79hx-x82f
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-fvx8-79hx-x82f/GHSA-fvx8-79hx-x82f.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fvx8-79hx-x82f
- Aliases
-
- CVE-2024-2319
- Published
- 2024-03-08T15:30:32Z
- Modified
- 2024-03-08T16:42:10.748187Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Django MarkdownX Cross-Site Scripting (XSS) vulnerability
- Details
-
Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements.
- Database specific
{ "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "github_reviewed_at": "2024-03-08T16:26:12Z", "nvd_published_at": "2024-03-08T14:15:52Z", "severity": "MODERATE" }- References
Affected packages
PyPI / django-markdownx
Package
- Name
- django-markdownx
- View open source insights on deps.dev
- Purl
- pkg:pypi/django-markdownx
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected4.0.2
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.2.0
0.2.9
0.3.0
0.3.1
0.4.0
0.4.1
0.4.2
1.*
1.0.0
1.0.1
1.1.0
1.1.1
1.1.2
1.1.3
1.2
1.2.1
1.3
1.4
1.4.1
1.4.2
1.4.3
1.5
1.6
1.6.1
1.6.2
1.6.3
1.7
1.7.1
1.7.2
1.8.1
2.*
2.0.0
2.0.1
2.0.17
2.0.18
2.0.19
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
3.*
3.0.0
3.0.1
4.*
4.0.0b1
4.0.0
4.0.1
4.0.2