2 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users. django-wiki es un sistema wiki para Django. Las instalaciones de django-wiki anteriores a la versión 0.10.1 son vulnerables al contenido de artículos creados con fines malintencionados que pueden causar un uso severo de la CPU del servidor a través de un bucle de expresión regular. • https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript. En Django-wiki, versiones 0.0.20 a 0.7.8, son vulnerables a un ataque de tipo Cross-Site Scripting (XSS) Almacenado en la sección de notificaciones. Un atacante que tenga acceso a las páginas de edición puede inyectar una carga útil de JavaScript en el campo title. • https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •