Release date: 2012-4 4
Updated on:
Affected Systems:
Django CMS 2.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57559
Django CMS is a content management system built on the Django framework that supports front-end editing.
In django CMS versions earlier than 2.3.5, the page_attribute template tag is not properly filtered, which results in an HTML injection vulnerability. After successful exploitation, HTML and script code can be executed in the affected user's browser.
<* Source: vendor
Link: http://secunia.com/advisories/51953/
*>
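A minimal sketch of the flaw class described above, added here as an illustration and not taken from django CMS. The function names, the sample page and the use of the standard library's `html.escape` in place of Django's own escaping are assumptions.

```python
import html

# Constructed sample page: the title is editor-controlled content.
SAMPLE_PAGE = {
    "title": "Spring sale <script>alert(1)</script>",
    "menu_title": "Sale",
    "slug": "spring-sale",
}

# Attributes this hypothetical tag is willing to expose to templates.
ALLOWED_ATTRIBUTES = {"title", "menu_title", "slug"}


def page_attribute_unfiltered(page, name):
    """Behaviour the advisory describes: the stored value is returned as-is."""
    if name not in ALLOWED_ATTRIBUTES:
        return ""
    return str(page.get(name, ""))


def page_attribute_filtered(page, name):
    """Hardened form: HTML-escape the value before it reaches the template."""
    if name not in ALLOWED_ATTRIBUTES:
        return ""
    return html.escape(str(page.get(name, "")), quote=True)


def render(tag, page):
    """Stand-in template that uses the title as element text and as an attribute."""
    title = tag(page, "title")
    return '<h1 title="{0}">{0}</h1>'.format(title)


def contains_markup(fragment):
    """True when attribute data survives as a live tag in the rendered output."""
    return "<script" in fragment.lower()


if __name__ == "__main__":
    for tag in (page_attribute_unfiltered, page_attribute_filtered):
        out = render(tag, SAMPLE_PAGE)
        print(tag.__name__, "live markup:", contains_markup(out))
        print("  ", out)
```

The same `contains_markup` check can be pointed at rendered pages after upgrading to confirm that attribute values now arrive escaped.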
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Django CMS
----------
The vendor has released a patch to fix this security problem. Please download version 2.3.5 from the vendor's homepage:
https://www.django-cms.org/en/