Cross-Site Scripting vulnerability in Django MarkdownX
Posted date 08/03/2024
Identifier
INCIBE-2024-0127
Importance
3 - Medium
Affected Resources
Django MarkdownX, version 4.0.2.
Description
INCIBE has coordinated the publication of a medium-severity vulnerability affecting Django MarkdownX, version 4.0.2, a Markdown add-on for Django, the high-level Python web framework. It was discovered by Julián J. Menéndez of Hispasec Sistemas.
The vulnerability has been assigned the following CVE identifier, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:
- CVE-2024-2319: 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | CWE-79.
Solution
There is no reported solution at this time.
Detail
CVE-2024-2319: Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload through the upload functionality because JavaScript elements are not properly sanitised.
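An added defensive example, not code from the advisory or from the Django MarkdownX project: the advisory only states that the payload reaches the upload functionality without sanitisation, so this shows the general mitigation for any HTML produced from user-supplied Markdown, an allowlist sanitiser (standard library only, no Django dependency) that drops unknown tags, non-allowlisted attributes such as event handlers and javascript: URLs, and reports what it removed so the application can log injection attempts. The tag and attribute allowlists and the sample input are constructed assumptions of this example.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_TAGS = {"p", "br", "em", "strong", "code", "pre", "ul", "ol", "li", "blockquote", "a", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" covers relative URLs
DROP_CONTENT = {"script", "style"}  # their text is discarded too, not just the tag

class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self._skip += 1
        if tag not in ALLOWED_TAGS:
            self.dropped.append(tag)  # unknown tag removed; its text content is kept
            return
        kept = ""
        for name, value in attrs:
            value = (value or "").strip()
            if name not in ALLOWED_ATTRS.get(tag, set()) or (
                    name in URL_ATTRS and urlparse(value).scheme not in SAFE_SCHEMES):
                self.dropped.append(f"{tag}@{name}")  # e.g. img@onerror, a@href
                continue
            kept += f' {name}="{escape(value)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT and self._skip:
            self._skip -= 1
        if tag in ALLOWED_TAGS and tag not in ("br", "img"):  # void tags get no end tag
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data))  # text is always re-escaped; comments are dropped

def sanitize_with_report(rendered_html):
    """Return (clean_html, dropped); log 'dropped' to spot injection attempts."""
    p = _Sanitizer()
    p.feed(rendered_html)
    p.close()
    return "".join(p.out), p.dropped

# Constructed sample of Markdown-rendered HTML; not taken from the advisory.
SAMPLE = '<p>Hi <em>x</em></p><img src="x" onerror="alert(1)"><a href="javascript:alert(1)">l</a><script>alert(1)</script>'
```

Run the sanitiser on the rendered HTML before it is stored or returned to the browser; `dropped` is the signal worth alerting on, since legitimate Markdown rarely produces event-handler attributes or script tags.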