10 matches found
CVE-2026-28223
Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on confirmation messages within the wagtail.contrib.simple_translation module. A user with access to the Wagtail admin area...
PT-2026-22988
Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 6.3.8; Wagtail versions prior to 7.0.6; Wagtail versions prior to 7.2.3; Wagtail versions prior to 7.3.1. Description: A stored cross-site scripting (XSS) issue exists within the wagtail.contrib.simple_translation module. A...
GHSA-4QVV-G3VR-M348 Wagtail has improper permission handling on admin preview endpoints
Impact: Due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data...
EUVD-2023-0279
Malicious code in bioql PyPI...
FreeBSD : py-wagtail -- stored XSS vulnerability (17efbe19-4e72-426a-8016-2b4e001c1378)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 17efbe19-4e72-426a-8016-2b4e001c1378 advisory. - Wagtail is an open source content management system built on Django. Starting in version 1.5 and prio...
GHSA-5286-F2RF-35C2 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
Impact: A stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform...
Cross site scripting
Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...
py-wagtail -- stored XSS vulnerability
A stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform action...
PYSEC-2021-114
Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...
FreeBSD : Wagtail -- XSS vulnerability (e1d3a580-cd8b-11ea-bad0-08002728f74c)
GitHub Advisory Database : When a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.as_p as directed in the documentation, any HTML tags used within a form field's he...