CVE-2021-44649: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
(updated )
Django CMS does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.
References
Detect and mitigate CVE-2021-44649 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →