Cross-Site Scripting vulnerability in Django MarkdownX

Posted date 08/03/2024
3 - Medium
Affected Resources

Django MarkdownX, version 4.0.2.


INCIBE has coordinated the publication of a medium severity vulnerability affecting Django MarkdownX, version 4.0.2, a Markdown add-on for Django, the high-level Python web framework. The vulnerability was discovered by Julián J. Menéndez, of Hispasec Sistemas.

The vulnerability has been assigned the following CVE identifier, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-2319: 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | CWE-79.

There is no reported solution at this time.


CVE-2024-2319: Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload through the upload functionality because JavaScript elements are not properly sanitised.
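The following is an added illustration of the kind of sanitisation an upload endpoint needs in order to avoid the stored XSS class described above; it is not code from Django MarkdownX, INCIBE or the researcher, and it does not reproduce MarkdownX's actual upload path. The helper names, the extension allowlist and the `/media/` URL prefix are assumptions made for the example. The idea is that the client-supplied filename is reduced to a safe basename, checked against an allowlist of extensions, and HTML-escaped before it is echoed back inside the Markdown snippet the editor receives.

```python
"""Upload-filename sanitisation (added example, not MarkdownX's own code)."""
import html
import re
from pathlib import PurePosixPath

# Extensions the hypothetical upload endpoint accepts (assumption for
# this example; the project's real configuration is not reproduced).
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}

# Anything outside this conservative character set is replaced, so
# markup characters such as < > " ' never reach the stored name.
_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def sanitize_filename(name: str) -> str:
    """Reduce a client-supplied filename to a safe basename.

    Path components are dropped, unsafe characters are replaced with
    underscores, and a ValueError is raised when the extension is not
    on the allowlist (so .svg, .html and similar uploads are rejected).
    """
    base = PurePosixPath(name.replace("\\", "/")).name  # strip directories
    cleaned = _UNSAFE_CHARS.sub("_", base).strip("._")
    if not cleaned:
        raise ValueError("empty filename after sanitisation")
    suffix = PurePosixPath(cleaned).suffix.lower()
    if suffix not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {suffix!r} is not allowed")
    return cleaned


def is_accepted(name: str) -> bool:
    """True when sanitize_filename() would accept the name."""
    try:
        sanitize_filename(name)
    except ValueError:
        return False
    return True


def image_markdown(name: str, url_prefix: str = "/media/") -> str:
    """Build the Markdown snippet returned to the editor after an upload.

    The name is sanitised first and HTML-escaped on the way out, so a
    payload embedded in the original filename cannot become markup when
    the snippet is later rendered.
    """
    safe = sanitize_filename(name)
    return f"![{html.escape(safe)}]({url_prefix}{html.escape(safe)})"


if __name__ == "__main__":
    # Constructed sample inputs for demonstration.
    for sample in ("photo.png", "../../etc/escape.png",
                   "<script>alert(1)</script>.png", "payload.svg"):
        try:
            print(f"{sample!r:40} -> {image_markdown(sample)}")
        except ValueError as exc:
            print(f"{sample!r:40} -> rejected ({exc})")
```

The two controls are independent: the allowlist rejects file types that can carry active content, and the escaping makes the returned snippet inert even if a future change widens the character set. Both should be applied server-side regardless of any client-side validation.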
