10 matches found
CVE-2026-28222
Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting XSS vulnerability exists on rendering TableBlock blocks within a StreamField. A user with access to create or edit pages containing TableBlock...
CVE-2026-28222
Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting XSS vulnerability exists on rendering TableBlock blocks within a StreamField. A user with access to create or edit pages containing TableBlock...
CVE-2026-28222
Wagtail CVE-2026-28222 is a stored XSS affecting TableBlock in StreamField. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, an attacker with page creation/edit permissions could craft TableBlock class attributes that render arbitrary JavaScript when viewed by higher-privilege users. This is not...
CVE-2026-28222
Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting XSS vulnerability exists on rendering TableBlock blocks within a StreamField. A user with access to create or edit pages containing TableBlock...
CVE-2026-28222 Wagtail: Improper escaping of HTML (Cross-site Scripting) on TableBlock class attributes
Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting XSS vulnerability exists on rendering TableBlock blocks within a StreamField. A user with access to create or edit pages containing TableBlock...
Wagtail 跨站脚本漏洞
Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 6.3.8, 7.0.6, 7.2.3, and 7.3.1 had a cross-site scripting vulnerability. This vulnerability stemmed from the rendering of TableBlock blocks in StreamField, which allowed for stored cross-sit...
Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes
Impact A stored Cross-site Scripting XSS vulnerability exists on rendering TableBlock blocks within a StreamField. A user with access to create or edit pages containing TableBlock StreamField blocks is able to set specially-crafted class attributes on the block which run arbitrary JavaScript code...
GHSA-P5CM-246W-84JM Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes
Impact A stored Cross-site Scripting XSS vulnerability exists on rendering TableBlock blocks within a StreamField. A user with access to create or edit pages containing TableBlock StreamField blocks is able to set specially-crafted class attributes on the block which run arbitrary JavaScript code...
Cross-site Scripting (XSS)
Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the TableBlock class attributes. A user with access to create or edit pages containing TableBlock StreamField blocks in the admin interfac...
PT-2026-22987
Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 6.3.8 Wagtail versions prior to 7.0.6 Wagtail versions prior to 7.2.3 Wagtail versions prior to 7.3.1 Description Wagtail, an open source content management system built on Django, contains a stored cross-site scripti...