Medium severity6.9OSV Advisory· Published Nov 20, 2024· Updated Jun 17, 2026
CVE-2024-11406
CVE-2024-11406
Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS.
This issue affects django CMS Attributes Fields: before 4.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
djangocms-attributes-fieldPyPI | < 4.0.0 | 4.0.0 |
Affected products
2- Range: 0.0.1, 0.0.2, 0.0.3, …
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-vxcv-4xvf-pc22ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-11406ghsaADVISORY
- github.com/django-cms/djangocms-attributes-field/commit/fe68d29ab78db5885bc31b67cf0537f1f02b33adnvdWEB
- iltosec.com/blog/post/djangocms-attributes-field-300-stored-xss-vulnerabilityghsaWEB
- pypi.org/project/djangocms-attributes-field/nvdWEB
- siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1864nvdWEB
- www.django-cms.org/en/blog/2024/11/19/security-updates-for-django-filer-and-django-cms-attributes-fieldghsaWEB
- www.usom.gov.tr/bildirim/tr-24-1864nvdWEB
- iltosec.com/blog/post/djangocms-attributes-field-300-stored-xss-vulnerability/nvd
- www.django-cms.org/en/blog/2024/11/19/security-updates-for-django-filer-and-django-cms-attributes-field/nvd
News mentions
0No linked articles in our index yet.