Django CMS 3.7.3 Error Message plugin_type cross site scripting

A vulnerability classified as problematic was found in Django CMS 3.7.3 (Content Management System). It affects an unknown function of the component Error Message Handler. Installing a patch resolves the problem.

| Field | 12/01/2022 19:34 | 15/01/2022 10:01 |
|---|---|---|
| vendor | Django | Django |
| name | CMS | CMS |
| version | 3.7.3 | 3.7.3 |
| component | Error Message Handler | Error Message Handler |
| argument | plugin_type | plugin_type |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) |
| risk | 1 | 1 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | N | N |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| url | https://www.django-cms.org/en/blog/2020/07/22/django-cms-security-updates-1/ | https://www.django-cms.org/en/blog/2020/07/22/django-cms-security-updates-1/ |
| name | Patch | Patch |
| cve | CVE-2021-44649 | CVE-2021-44649 |
| cve_assigned | 1638745200 | 1638745200 |
| date | 1641942000 (12/01/2022) | 1641942000 (12/01/2022) |
| type | Content Management System | Content Management System |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | N | N |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 4.0 | 4.0 |
| cvss2_vuldb_tempscore | 3.5 | 3.5 |
| cvss3_vuldb_basescore | 3.5 | 3.5 |
| cvss3_vuldb_tempscore | 3.4 | 3.4 |
| cvss3_meta_basescore | 3.5 | 3.5 |
| cvss3_meta_tempscore | 3.4 | 3.4 |
| price_0day | $0-$5k | $0-$5k |

cve_nvd_summary: Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.
