CVE-2024-11404
CVSS score: 5.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Exploitability: 2.1 / Impact: 3.4
Source: iletisim@usom.gov.tr (Secondary)
Description
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.
This issue affects django Filer: from 3 before 3.3.
Related CWEs
CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.