Base Score

MEDIUM6.9

CVE-2024-11406

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS.This issue affects django CMS Attributes Fields: before 4.0.

VectorNETWORK

Published Byiletisim@usom.gov.tr

Published DateNov 20, 2024, 12:15

Affected Versions(1)

djangocms-attributes-field(PyPI)

Introduced0

Fixed4.0.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
djangocms-attributes-field(PyPI)	0	4.0.0	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

6.9

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

LOW

Availability (A)

NONE

References

Base Score

MEDIUM6.9

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

6.9

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

LOW

Availability (A)

NONE