CVE-2024-11406

CVSS 3.1 Score 6.9 of 10 (medium)

Details

Published Nov 20, 2024
Updated: Nov 21, 2024
CWE ID 79

Summary

CVE-2024-11406 is a stored cross-site scripting (XSS) vulnerability affecting the django CMS Attributes Fields module before version 4.0. The issue arises from improper neutralization of user input during web page generation (CWE-79). An attacker can inject malicious scripts that are stored by the application and later executed, and can exploit this to gain unauthorized access or steal sensitive data from unsuspecting users. This poses a significant risk for websites using affected versions of django CMS Attributes Fields and underscores the importance of keeping software up to date to mitigate potential threats.
