django-cms@4.1.2 vulnerabilities

Lean enterprise content management powered by Django.

Direct Vulnerabilities

Known vulnerabilities in the django-cms package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the Page Title field of the /admin/cms/pagecontent/ endpoint due to improper user input sanitization. By submitting crafted input, an attacker can inject malicious scripts that are executed in the browser of any user viewing the manipulated content.

How to fix Cross-site Scripting (XSS)?

Upgrade django-cms to version 3.11.9, 4.1.4 or higher.

[3.11.7,3.11.9) [4.1.2,4.1.4)