CVE-2024-11404

Summary

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.

This issue affects django Filer: from 3 before 3.3.

Affected Software

VendorProductVersion RangeStatus
django CMS Associationdjango Filer3 < 3.3affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
  • CWE-80: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References