CVE-2024-2319

Name of the Vulnerable Software and Affected Versions Django MarkdownX version 4.0.2

Description A Cross-Site Scripting (XSS) issue exists in the Django MarkdownX project due to the lack of proper sanitisation of JavaScript elements. This allows an attacker to store a specially crafted JavaScript payload in the upload functionality.

Recommendations For version 4.0.2, consider disabling the upload functionality until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the upload feature to minimize the risk of storing malicious JavaScript payloads.