CVE-2020-15118
- EPSS 0.6%
- Published 20.07.2020 18:15:12
- Last modified 21.11.2024 05:04:51
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML ...
CVE-2020-11037
- EPSS 0.05%
- Published 30.04.2020 23:15:11
- Last modified 21.11.2024 04:56:39
In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character...
CVE-2020-11001
- EPSS 0.36%
- Published 14.04.2020 23:15:11
- Last modified 21.11.2024 04:56:33
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potenti...