django CMS security updates
The updated django CMS releases are now available from
Details
django CMS 4.1.4 and django CMS 3.11.9 close a security vulnerability that could allow an attacker to inject malicious code into the page title, so that arbitrary JavaScript code is loaded when the page is viewed. We recommend that you upgrade to one of these versions as soon as possible.
The security issue is of low severity, since an attacker needs to have access to the django CMS admin interface to exploit it.
This issue exists in django CMS 3.11.7, 3.11.8, 4.1.2, and 4.1.3. Other versions of django CMS are not affected.
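A check built from the version lists above, added here as an example and not part of django CMS or its tooling: it scans pip requirement lines and reports django CMS pins that match an affected release, with the fixed release of the same series. The requirements-file format, the series-to-fix mapping, and the sample lines are assumptions made for illustration.

```python
import re

# Version lists copied from the advisory text; everything else here is assumed.
AFFECTED = {"3.11.7", "3.11.8", "4.1.2", "4.1.3"}
FIXED_BY_SERIES = {"3.11": "3.11.9", "4.1": "4.1.4"}
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")


def normalize(name):
    """PEP 503 normalisation: django_cms, Django.CMS and django-cms are one project."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit(lines):
    """Return (line_no, status, version, upgrade_to) for every django-cms entry."""
    findings = []
    for line_no, raw in enumerate(lines, start=1):
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments, markers
        match = REQ.match(entry)
        if not match or normalize(match.group(1)) != "django-cms":
            continue  # blank line, pip option, or another package (e.g. a plugin)
        spec = match.group(2).strip()
        exact = re.fullmatch(r"==\s*([0-9][0-9A-Za-z.+!-]*)", spec)
        if not exact:
            # Range, wildcard, URL or unpinned: the installed version must be checked.
            findings.append((line_no, "review", None, None))
            continue
        version = exact.group(1)
        if version in AFFECTED:
            series = ".".join(version.split(".")[:2])
            findings.append((line_no, "affected", version, FIXED_BY_SERIES[series]))
        else:
            findings.append((line_no, "not affected", version, None))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = """\
Django==4.2.16
django-cms==3.11.8   # pinned last year
Django_CMS==4.1.3 ; python_version >= "3.9"
django-cms-example-plugin==1.0.0
django-cms>=4.1
django-cms==4.1.4
""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Entries reported as "review" are not exact pins, so the version actually installed in the environment decides whether the deployment is affected.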
Thanks to Ali İltizar for the detailed report through our security email.
As ever, we remind our users and contributors that all security reports, patches and concerns should be addressed only to our security team by email, at [email protected].
Please do not use GitHub, our email lists or Discord to report, address or otherwise discuss matters relating to security. Directly mail [email protected]