CVE-2021-44649

EPSS 0.33% · P56 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-44649

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Django 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Django是Django基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django CMS 3.7.3 存在安全漏洞，该漏洞源于在为无效插件类型生成错误消息时不验证 plugin_type 参数。该漏洞允许攻击者在受影响用户的 Web 浏览器中执行任意 JavaScript 代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2021-44649

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-44649

请登录查看更多情报信息。

https://www.django-cms.org/en/blog/2020/07/22/django-cms-security-updates-1/x_refsource_MISC
Django CMS - Reflected XSS Vulnerability · Sahil Dharx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-44649

Same Patch Batch · n/a · 2022-01-12 · 28 CVEs total

CVE-2021-45445		Unisys ClearPath MCP 代码问题漏洞
CVE-2021-37530		Xfig 缓冲区错误漏洞
CVE-2021-37529		Xfig 资源管理错误漏洞
CVE-2021-46225		libMeshb 安全漏洞
CVE-2021-45449		Docker 日志信息泄露漏洞
CVE-2021-41597		SuiteCRM 跨站请求伪造漏洞
CVE-2021-42559		Caldera 命令注入漏洞
CVE-2021-42558		Caldera 跨站脚本漏洞
CVE-2021-42560		Caldera 代码问题漏洞
CVE-2021-42561		Caldera 注入漏洞
CVE-2021-42562		Caldera 安全漏洞
CVE-2021-43960		Lorensbergs Connect2 跨站脚本漏洞
CVE-2021-28376		ChronoEngine ChronoForms 路径遍历漏洞
CVE-2021-28377		ChronoEngine ChronoForms 路径遍历漏洞
CVE-2021-36417		GPAC 缓冲区错误漏洞
CVE-2021-43436		MartDevelopers Iresturant 跨站脚本漏洞
CVE-2021-45411		Printable Staff Id Card Creator System 代码问题漏洞
CVE-2021-44652		Zoho ManageEngine O365 Manager Plus 安全漏洞
CVE-2021-44651		ZOHO ManageEngine Cloud Security Plus 代码问题漏洞
CVE-2021-44650		Zoho ManageEngine M365 Manager Plus 安全漏洞

Showing top 20 of 28 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2021-44649

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-44649

I. Basic Information for CVE-2021-44649

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-44649

III. Intelligence Information for CVE-2021-44649

Same Patch Batch · n/a · 2022-01-12 · 28 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-44649

Leave a comment