PYSEC-2026-146
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...
CVE-2026-44197
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...
CVE-2026-44197 Wagtail: Improper permission handling when comparing revisions
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...
Wagtail has improper permission handling when comparing revisions
Impact: A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. Patches: Patched versions have been released as Wagtail 7.0...
PT-2026-39232
Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 7.0.7; Wagtail versions prior to 7.3.2; Wagtail versions prior to 7.4. Description: A CMS user lacking page editing permissions can access page revisions via the revision compare view by knowing the primary keys of two...
GHSA-W4FJ-87J5-F25C XWiki has Reflected Cross-Site Scripting (XSS) in page history compare
Impact: A reflected cross-site scripting (XSS) vulnerability in the compare view between revisions of a page allows executing JavaScript code in the user's browser. If the current user is an admin, this can not only affect the current user but also the confidentiality, integrity and availability of...
PT-2026-32971
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 10.4-rc-1 through 16.10.15; XWiki Platform versions 17.0.0-rc-1 through 17.4.7; XWiki Platform versions 17.5.0-rc-1 through 17.10.0. Description: A reflected cross-site scripting (XSS) issue in the comparison view between pag...
CVE-2022-38145
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a JavaScript payload to a page's meta description and getting it executed in the versioned history compare view...
CVE-2022-38145
CVE-2022-38145 concerns stored XSS in SilverStripe's versioned admin/compare view. Multiple connected sources describe that an attacker with CMS access can inject a JavaScript payload by placing it in a page's meta description, which then executes when viewing the version history compare. The mos...
PT-2022-24237 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions through 4.11. Description: The issue allows remote attackers to execute a JavaScript payload in the versioned history compare view by adding it to a page's meta description. This can be done by a...
GHSA-V2WC-PFQ2-5CM6 Possible XSS attack in Wagtail
Impact: A cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges,...