Django CMS 3.7.3 Error Message plugin_type cross site scripting

InträderedigeraHistoryDiffjsonxmlCTI

Det var en problematiskt svag punkt som finns i Django CMS 3.7.3 (Content Management System). Som påverkar en okänd funktion av komponenten Error Message Handler. Genom att installera en lapp, kan problemet lösas.

Fält	12/01/2022 19:34	15/01/2022 10:01
vendor	Django	Django
name	CMS	CMS
version	3.7.3	3.7.3
component	Error Message Handler	Error Message Handler
argument	plugin_type	plugin_type
cwe	79 (cross site scripting)	79 (cross site scripting)
risk	1	1
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	R	R
cvss3_vuldb_s	U	U
cvss3_vuldb_c	N	N
cvss3_vuldb_i	L	L
cvss3_vuldb_a	N	N
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
url	https://www.django-cms.org/en/blog/2020/07/22/django-cms-security-updates-1/	https://www.django-cms.org/en/blog/2020/07/22/django-cms-security-updates-1/
name	Patch	Patch
cve	CVE-2021-44649	CVE-2021-44649
cve_assigned	1638745200	1638745200
date	1641942000 (12/01/2022)	1641942000 (12/01/2022)
type	Content Management System	Content Management System
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	N	N
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	N	N
cvss2_vuldb_rc	C	C
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_au	S	S
cvss2_vuldb_e	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_e	X	X
cvss2_vuldb_basescore	4.0	4.0
cvss2_vuldb_tempscore	3.5	3.5
cvss3_vuldb_basescore	3.5	3.5
cvss3_vuldb_tempscore	3.4	3.4
cvss3_meta_basescore	3.5	3.5
cvss3_meta_tempscore	3.4	3.4
price_0day	$0-$5k	$0-$5k
cve_nvd_summary		Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.

◂ Tidigare Översikt Nästa ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!