PYSEC-2026-1298

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/django-filer/PYSEC-2026-1298.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1298
Aliases
Published
2026-07-07T14:34:45.291287Z
Modified
2026-07-07T17:46:34.867108233Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
Summary
Django Filer Unrestricted Upload of File with Dangerous Type
Details

Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3.

References

Affected packages

PyPI / django-filer

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.0

Affected versions

0.*
0.1.3a
0.7.0
0.7.1
0.7.2
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.9
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.9.10
0.9.11
0.9.12
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6rc1
1.2.6rc2
1.2.6
1.2.7
1.2.8
1.3.0
1.3.1
1.3.2
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.5.0
1.6.0
1.7.0
1.7.1
2.*
2.0.0
2.0.1
2.0.2
2.1rc1
2.1rc2
2.1rc3
2.1rc4
2.1
2.1.1
2.1.2
2.2
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.3rc1
3.*
3.0.0rc1
3.0.0rc2
3.0.0rc3
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.2.1
3.2.2
3.2.3

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/django-filer/PYSEC-2026-1298.yaml"