CVE-2024-11404 MEDIUM

CVE-2024-11404: File Upload Bypass in django Filer

Vendor Django Cms Association
Product django Filer
Weakness CWE-434 · Unrestricted file upload
Published November 20, 2024
Last update June 2, 2026

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3.3.

Key dates

02Disclosure timeline

November 20, 2024 CVE published
June 2, 2026 Record updated