CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29434 – Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
https://notcve.org/view.php?id=CVE-2021-29434
Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with `javascript:` URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. See referenced GitHub advisory for additional details, including a workaround. • https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx https://pypi.org/project/wagtail • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15118 – Cross-Site Scripting in Wagtail
https://notcve.org/view.php?id=CVE-2020-15118
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be rendered unescaped in the page. Allowing HTML within help text is an intentional design decision by Django; however, as a matter of policy Wagtail does not allow editors to insert arbitrary HTML by default, as this could potentially be used to carry out cross-site scripting attacks, including privilege escalation. This functionality should therefore not have been made available to editor-level users. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.4 (for the LTS 2.7 branch) and Wagtail 2.9.3 (for the current 2.9 branch). • https://docs.djangoproject.com/en/3.0/ref/models/fields/#django.db.models.Field.help_text https://docs.wagtail.io/en/stable/reference/contrib/forms/index.html#usage https://github.com/wagtail/wagtail/blob/master/docs/releases/2.9.3.rst https://github.com/wagtail/wagtail/commit/d9a41e7f24d08c024acc9a3094940199df94db34 https://github.com/wagtail/wagtail/security/advisories/GHSA-2473-9hgq-j7xw • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11037 – Potential Observable Timing Discrepancy in Wagtail
https://notcve.org/view.php?id=CVE-2020-11037
In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is understood to be feasible on a local network, but not on the public internet. Privacy settings that restrict access to pages/documents on a per-user or per-group basis (as opposed to a shared password) are unaffected by this vulnerability. This has been patched in 2.7.3, 2.8.2, 2.9. • https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6 • CWE-208: Observable Timing Discrepancy CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-11001 – Possible XSS attack in Wagtail
https://notcve.org/view.php?id=CVE-2020-11001
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch). En Wagtail versiones anteriores a 2.8.1 y 2.7.2, se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en la vista de comparación de la revisión de página dentro de la interfaz de administración de Wagtail. • https://github.com/wagtail/wagtail/commit/61045ceefea114c40ac4b680af58990dbe732389 https://github.com/wagtail/wagtail/releases/tag/v2.8.1 https://github.com/wagtail/wagtail/security/advisories/GHSA-v2wc-pfq2-5cm6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •