django-cms
PyPI3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting django-cmspage 1 of 1
- CVE-2015-5081HIGHCVSS 8.8EG 8.8✓ Fixed in 3.1.12017-08-18
vulnerable: 2.0.1 ... 2.1.0.rc2 (50 versions)
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.
- CVE-2021-44649MEDIUMCVSS 5.4EG 5.4✓ Fixed in 3.7.42022-01-12
vulnerable: 3.4.0 ... 3.7.3 (16 versions)
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary Jav…
- CVE-2024-11319MEDIUMCVSS 4.8EG 4.8✓ Fixed in 241d1cbe47a68f5d271ce4d27ad5e32e2c360ec32024-11-18
vulnerable: 2.0.1 ... 2.1.0.rc2 (180 versions)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS). This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.
Check whether django-cms is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for django-cms CVEs against the assets you own.
Start Free Scan →