Unknown · Django Markdownx · CVE-2024-2319
**Name of the Vulnerable Software and Affected Versions**
Django MarkdownX version 4.0.2
**Description**
A Cross-Site Scripting (XSS) issue exists in the Django MarkdownX project due to the lack of proper sanitisation of JavaScript elements. This allows an attacker to store a specially crafted JavaScript payload in the upload functionality.
**Recommendations**
For version 4.0.2, consider disabling the upload functionality until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the upload feature to minimize the risk of storing malicious JavaScript payloads.