Django CMS 3.7.3 Error Message plugin_type cross site scripting

A vulnerability, which was classified as problematic, was found in Django CMS 3.7.3 (Content Management System). Affected is an unknown part of the component Error Message Handler. Applying a patch is able to eliminate this problem.

Timeline

Analyzing the timeline helps to identify the required approach and handling for single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

User

121
020

Field

source_cve_nvd_summary: 1
exploit_price_0day: 1
vulnerability_cvss3_meta_tempscore: 1
vulnerability_cvss3_meta_basescore: 1
vulnerability_cvss3_vuldb_tempscore: 1

Commit Conf

90%: 29
50%: 11
70%: 1

Approve Conf

90%: 29
80%: 11
70%: 1

| ID | Committed | User | Field | Change | Remarks | Accepted | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 12050157 | 01/15/2022 | VulD... | cve_nvd_summary | Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user. | cve.mitre.org | 01/15/2022 | accepted | 70 |
| 12037272 | 01/12/2022 | VulD... | price_0day | $0-$5k | see exploit price documentation | 01/12/2022 | accepted | 90 |
| 12037271 | 01/12/2022 | VulD... | cvss3_meta_tempscore | 3.4 | see CVSS documentation | 01/12/2022 | accepted | 90 |
| 12037270 | 01/12/2022 | VulD... | cvss3_meta_basescore | 3.5 | see CVSS documentation | 01/12/2022 | accepted | 90 |
| 12037269 | 01/12/2022 | VulD... | cvss3_vuldb_tempscore | 3.4 | see CVSS documentation | 01/12/2022 | accepted | 90 |
| 12037268 | 01/12/2022 | VulD... | cvss3_vuldb_basescore | 3.5 | see CVSS documentation | 01/12/2022 | accepted | 90 |
| 12037267 | 01/12/2022 | VulD... | cvss2_vuldb_tempscore | 3.5 | see CVSS documentation | 01/12/2022 | accepted | 90 |
| 12037266 | 01/12/2022 | VulD... | cvss2_vuldb_basescore | 4.0 | see CVSS documentation | 01/12/2022 | accepted | 90 |
| 12037265 | 01/12/2022 | VulD... | cvss3_vuldb_e | X | derived from historical data | 01/12/2022 | accepted | 80 |
| 12037264 | 01/12/2022 | VulD... | cvss3_vuldb_pr | L | derived from historical data | 01/12/2022 | accepted | 80 |
| 12037263 | 01/12/2022 | VulD... | cvss2_vuldb_e | ND | derived from historical data | 01/12/2022 | accepted | 80 |
| 12037262 | 01/12/2022 | VulD... | cvss2_vuldb_au | S | derived from historical data | 01/12/2022 | accepted | 80 |
| 12037261 | 01/12/2022 | VulD... | cvss2_vuldb_rl | OF | derived from vuldb v3 vector | 01/12/2022 | accepted | 80 |
| 12037260 | 01/12/2022 | VulD... | cvss2_vuldb_rc | C | derived from vuldb v3 vector | 01/12/2022 | accepted | 80 |
| 12037259 | 01/12/2022 | VulD... | cvss2_vuldb_ai | N | derived from vuldb v3 vector | 01/12/2022 | accepted | 80 |
| 12037258 | 01/12/2022 | VulD... | cvss2_vuldb_ii | P | derived from vuldb v3 vector | 01/12/2022 | accepted | 80 |
| 12037257 | 01/12/2022 | VulD... | cvss2_vuldb_ci | N | derived from vuldb v3 vector | 01/12/2022 | accepted | 80 |
| 12037256 | 01/12/2022 | VulD... | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 01/12/2022 | accepted | 80 |
| 12037255 | 01/12/2022 | VulD... | cvss2_vuldb_av | N | derived from vuldb v3 vector | 01/12/2022 | accepted | 80 |
| 12037254 | 01/12/2022 | VulD... | type | Content Management System | | 01/12/2022 | accepted | 90 |

21 more entries are not shown
