CVE-2024-11319
MEDIUMdjango-cms 3.11.7-3.11.8 4.1.2-4.1.3 - Stored Cross-Site Scripting in Page Title Field
Title source: llmDescription
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS). This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.
References (5)
Core 5
Core References
Government Resource government-resource
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1859
Third Party Advisory government-resource
broken-link
https://www.usom.gov.tr/bildirim/tr-24-1859
Scores
CVSS v3
4.8
EPSS
0.0049
EPSS Percentile
38.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (11)
django CMS Association/django-cms
3.11.7
django CMS Association/django-cms
3.11.8
django CMS Association/django-cms
4.1.2
django CMS Association/django-cms
4.1.3
django CMS Association/django-cms
4.1.4
django-cms/django_cms
3.11.7
django-cms/django_cms
3.11.8
django-cms/django_cms
4.1.2
django-cms/django_cms
4.1.3
pypi/django-cms
3.11.7 - 3.11.9PyPI
... and 1 more
Published
Nov 18, 2024
Tracked Since
Feb 18, 2026