PYSEC-2024-124

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/django-cms/PYSEC-2024-124.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2024-124

Aliases

Withdrawn

2024-11-22T04:37:03Z

Published

2024-11-18T12:15:00Z

Modified

2026-06-10T17:00:47.713543846Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.

References

Affected packages

PyPI / django-cms

Package

Name: django-cms; View open source insights on deps.dev
Purl: pkg:pypi/django-cms

Affected ranges

Type: GIT
Repo: https://github.com/django-cms/django-cms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

241d1cbe47a68f5d271ce4d27ad5e32e2c360ec3

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

show

temporary

2.*

2.0.1

2.0.2

2.1.0.rc2

2.1.0.rc3

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.2

2.2.1

2.3rc1

2.3

2.3.1

2.3.2.rc1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.4.0.rc1

2.4.0

2.4.1

2.4.2

2.4.3

3.*

3.0.0.beta

3.0.0.beta2

3.0.0.beta3

3.0c1

3.0c2

3.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

3.0.15

3.0.16

3.0.17

3.0.18

3.1.0.b1

3.1.0rc1

3.1.0rc2

3.1.0

3.1

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.2.0.rc1

3.2.0.rc3

3.2.0.rc4

3.2.0.rc5

3.2.0.rc6

3.2.0.rc7

3.2.0.rc8

3.2.0.rc9

3.2.0.rc10

3.2.0.rc11

3.2.0.rc12

3.2.0.rc13

3.2.0.rc14

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.3.0rc2

3.3.0.rc2

3.3.0rc3

3.3.0.rc3

3.3.0rc4

3.3.0.rc4

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.4.0rc1

3.4.0rc2

3.4.0rc3

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.5.0rc1

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

3.6.0rc1

3.6.0rc3

3.6.0

3.6.1

3.7.0rc1

3.7.0rc2

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.8.0rc1

3.8.0

3.8.1

3.8.2

3.9.0rc1

3.9.0rc2

3.9.0rc3

3.9.0

3.10.0rc1

3.10.0rc2

3.10.0

3.10.1rc1

3.10.1

3.11.0

3.11.1rc1

3.11.1

3.11.2

3.11.3

3.11.4

3.11.5

3.11.6

3.11.7

3.11.8

3.11.9

3.11.10

3.11.11

4.*

4.0.0dev11

4.0.0

4.1.0rc1

4.1.0rc2

4.1.0rc3

4.1.0rc4

4.1.0rc5

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.9

4.1.10

4.1.11

5.*

5.0.0a1

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.1.0.dev1

5.1.0a1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/django-cms/PYSEC-2024-124.yaml"