{"uuid": "ffea57ca-1ec3-46f2-b5ec-f32cad6d1f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-44649", "type": "seen", "source": "https://t.me/cibsecurity/35327", "content": "\u203c CVE-2021-44649 \u203c\n\nDjango CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-12T16:17:06.000000Z"}