Vulnerabilities (CVE)

Filtered by vendor Django-cms Subscribe
Filtered by product Django Cms
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44649 1 Django-cms 1 Django Cms 2024-02-28 3.5 LOW 5.4 MEDIUM
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.
CVE-2015-5081 1 Django-cms 1 Django Cms 2024-02-28 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.