CVE-2024-11406
CVSS 3.1 Score 6.9 of 10 (medium)
Details
Summary
CVE-2024-11406 is a stored XSS (Cross-Site Scripting) vulnerability affecting the django CMS Attributes Fields module before version 4.0. The issue arises from improper neutralization of user input during web page generation. An attacker can inject malicious scripts that are stored and later executed against unsuspecting users, exploiting this vulnerability to gain unauthorized access or steal sensitive data. This poses a significant risk for websites using the affected django CMS Attributes Fields module and emphasizes the importance of keeping software up to date to mitigate potential threats.