Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2021/04/20 2:2 p.m.4 views

coop (>=0.3.1 <=2.10.2), django-oscar-wagtail (=0.0.5) +36 more potentially affected by CVE-2021-29434 via wagtail (>=1.0.0 <=2.10.2)

wagtail PYPI version =1.0.0, =0.3.1, =0.1.1, =5.22.3, =6.3.0, =0.0.1, =0.1.0, =2.0.7, =0.3.1, =0.5.4, =0.4.1, =1.1.1 and more Source cves: CVE-2021-29434 Source advisory: OSV:GHSA-WQ5H-F9P5-Q7FX...

6.1CVSS5.8AI score0.00626EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/20 2:2 p.m.4 views

wagtail-resume (=1.3.0), wagtail-social-share (>=0.0.6 <=0.1.1) potentially affected by CVE-2021-29434 via wagtail (>=2.12.0 <=2.12.2)

wagtail PYPI version =2.12.0, =0.0.6, =0.1.1 Source cves: CVE-2021-29434 Source advisory: OSV:GHSA-WQ5H-F9P5-Q7FX...

6.1CVSS6AI score0.00626EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/19 7:15 p.m.5 views

wagtail-resume (=1.3.0), wagtail-social-share (>=0.0.6 <=0.1.1) potentially affected by CVE-2021-29434 via wagtail (>=2.12.0 <=2.12.2)

wagtail PYPI version =2.12.0, =0.0.6, =0.1.1 Source cves: CVE-2021-29434 Source advisory: OSV:PYSEC-2021-114...

6.1CVSS6AI score0.00626EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/19 7:15 p.m.3 views

coop (>=0.3.1 <=2.10.2), django-oscar-wagtail (=0.0.5) +36 more potentially affected by CVE-2021-29434 via wagtail (>=1.0.0 <=2.10.2)

wagtail PYPI version =1.0.0, =0.3.1, =0.1.1, =5.22.3, =6.3.0, =0.0.1, =0.1.0, =2.0.7, =0.3.1, =0.5.4, =0.4.1, =1.1.1 and more Source cves: CVE-2021-29434 Source advisory: OSV:PYSEC-2021-114...

6.1CVSS6AI score0.00626EPSS
Exploits0
Cvelist
Cvelist
added 2021/04/19 6:45 p.m.51 views

CVE-2021-29434 Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields

Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...

6.1CVSS6.5AI score0.00626EPSS
Exploits0References2
CVE
CVE
added 2021/04/19 6:45 p.m.94 views

CVE-2021-29434

Wagtail (a Django-based CMS) has a vulnerability in rich-text links where server-side checks do not enforce a valid protocol, allowing a malicious admin user to publish content containing javascript: URLs. Affected versions can be exploited via admin POST requests; an ordinary site visitor cannot...

6.1CVSS5.4AI score0.00626EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder