CVE-2024-2319: Django MarkdownX Cross-Site Scripting (XSS) vulnerability

March 8, 2024

Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements.

References

github.com/advisories/GHSA-fvx8-79hx-x82f
github.com/neutronX/django-markdownx
nvd.nist.gov/vuln/detail/CVE-2024-2319
www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-django-markdownx

Detect and mitigate CVE-2024-2319 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →