
CVE-2024-39317 – Wagtail regular expression denial-of-service via search query parsing
https://notcve.org/view.php?id=CVE-2024-39317
11 Jul 2024 — Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. • https://github.com/wagtail/wagtail/commit/31b1e8532dfb1b70d8d37d22aff9cbde9109cdf2 • CWE-1333: Inefficient Regular Expression Complexity •

CVE-2023-45809 – Disclosure of user names via admin bulk action views in wagtail
https://notcve.org/view.php?id=CVE-2023-45809
19 Oct 2023 — Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visit... • https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-425: Direct Request ('Forced Browsing') CWE-532: Insertion of Sensitive Information into Log File •

CVE-2023-28837 – Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
https://notcve.org/view.php?id=CVE-2023-28837
03 Apr 2023 — Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash or denial of service. The vulnerability is not exploitable by an ordinary site ... • https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2023-28836 – Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
https://notcve.org/view.php?id=CVE-2023-28836
03 Apr 2023 — Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordina... • https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-32681 – Improper escaping of HTML ('Cross-site Scripting') in Wagtail StreamField blocks
https://notcve.org/view.php?id=CVE-2021-32681
17 Jun 2021 — Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block (`CharBlock`, `TextBlock` or a similar user-defined block derived from `FieldBlock`), and that block does not specify a template for rendering, the tag output is not properly escaped as HTML. This could allow users t... • https://github.com/wagtail/wagtail/releases/tag/v2.11.8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-29434 – Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
https://notcve.org/view.php?id=CVE-2021-29434
19 Apr 2021 — Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with `javascript:` URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. See referenced Gi... • https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-15118 – Cross-Site Scripting in Wagtail
https://notcve.org/view.php?id=CVE-2020-15118
20 Jul 2020 — In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be rendered unescaped in the page. Allowing HTML within help text is an intentional design decision by Django; however, as a matter of policy Wagtail does not allow editors to insert arbitrary HTML by default, as th... • https://docs.djangoproject.com/en/3.0/ref/models/fields/#django.db.models.Field.help_text • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-11037 – Potential Observable Timing Discrepancy in Wagtail
https://notcve.org/view.php?id=CVE-2020-11037
30 Apr 2020 — In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is understood to be feasible on a local network, but not on t... • https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6 • CWE-208: Observable Timing Discrepancy CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2020-11001 – Possible XSS attack in Wagtail
https://notcve.org/view.php?id=CVE-2020-11001
14 Apr 2020 — In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have... • https://github.com/wagtail/wagtail/commit/61045ceefea114c40ac4b680af58990dbe732389 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •