PyPI: django-markdownx

CVE-2024-2319

Safety vulnerability ID: SFTY-20240308-14763

Safety legacy ID: pyup.io-66965

Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements. See CVE-2024-2319.

PythonPyPINVDNVDGitHubGHSA
Created at: May 22, 2026Updated at: May 22, 2026

Overview

Django MarkdownX Cross-Site Scripting (XSS) vulnerability

Advisory

Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements. See CVE-2024-2319.

Affected Package

Affecting django-markdownx package, versions
<=4.0.2

Also affects

---

How to Fix

Upgrade
django-markdownx
to
4.0.3
or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more