This page lists publicly disclosed CVE vulnerabilities affecting django-cms django_cms (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-11319 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS). This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3. | [email protected] | 4.8 | 0.65% | 2024-11-18 | 2026-06-02 |
| CVE-2021-44649 | Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user. | [email protected] | 5.4 | 0.33% | 2022-01-12 | 2024-11-21 |
| CVE-2015-5081 | Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. | [email protected] | 8.8 | 0.20% | 2017-08-18 | 2026-05-13 |