CVE-2024-11319

Published: Nov 18, 2024Modified: Jun 2, 2026

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD (Secondary)

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS). This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.

Affected (4)

Products: Django Cms: Django Cms

Django Cms

1 product

Django Cms

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Django Cms Django Cms	Version 3.11.7
Django Cms Django Cms	Version 3.11.8
Django Cms Django Cms	Version 4.1.2
Django Cms Django Cms	Version 4.1.3

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (5)

https://github.com/django-cms/django-cms/commit/241d1cbe47a68f5d271ce4d27ad5e32e2c360ec3

Source: iletisim@usom.gov.tr

Patch

https://iltosec.com/blog/post/django-cms-413-stored-xss-vulnerability-exploiting-the-page-title-field/

Source: iletisim@usom.gov.tr

Exploit

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1859

Source: iletisim@usom.gov.tr

https://www.django-cms.org/en/blog/2024/11/13/django-cms-security-update/

Source: iletisim@usom.gov.tr

Vendor Advisory

https://www.usom.gov.tr/bildirim/tr-24-1859

Source: iletisim@usom.gov.tr

Third Party Advisory

Timeline

No history available yet.