CVE-2025-45388
- EPSS 0.03%
- Veröffentlicht 07.05.2025 00:00:00
- Zuletzt bearbeitet 09.05.2025 14:15:37
Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this...
CVE-2024-39317
- EPSS 0.33%
- Veröffentlicht 11.07.2024 16:15:02
- Zuletzt bearbeitet 21.11.2024 09:27:26
Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without ...
CVE-2024-35228
- EPSS 0.16%
- Veröffentlicht 30.05.2024 19:15:16
- Zuletzt bearbeitet 21.11.2024 09:19:58
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the `wagtail.contrib.settings` module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a setti...
CVE-2024-32882
- EPSS 0.08%
- Veröffentlicht 02.05.2024 07:15:20
- Zuletzt bearbeitet 21.11.2024 09:15:55
Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the `wagtail.contrib.settings` module or `ModelViewSet`, and the `permission` argument on `FieldPanel` ha...