FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

django-cms -- XSS Vulnerability

Affected packages
py-django-cms < 2.3.5

Details

VuXML ID: 3886cafe-668c-11e2-94b8-1c4bd681f0cf
Discovery: 2012-12-04
Entry: 2013-01-25

Cross-site scripting (XSS) vulnerability

Jonas Obrist reports:

The security issue allows users with limited admin access to elevate their privileges through XSS injection using the page_attribute template tag. Only users with admin access and the permission to edit at least one django CMS page object could exploit this vulnerability. Websites that do not use the page_attribute template tag are not affected.

References

URL: https://www.django-cms.org/en/blog/2012/12/04/2-3-5-security-release/