6 matches found
coop (>=0.3.1 <=2.10.2), django-oscar-wagtail (=0.0.5) +36 more potentially affected by CVE-2021-29434 via wagtail (>=1.0.0 <=2.10.2)
wagtail PYPI version =1.0.0, =0.3.1, =0.1.1, =5.22.3, =6.3.0, =0.0.1, =0.1.0, =2.0.7, =0.3.1, =0.5.4, =0.4.1, =1.1.1 and more Source cves: CVE-2021-29434 Source advisory: OSV:GHSA-WQ5H-F9P5-Q7FX...
wagtail-resume (=1.3.0), wagtail-social-share (>=0.0.6 <=0.1.1) potentially affected by CVE-2021-29434 via wagtail (>=2.12.0 <=2.12.2)
wagtail PYPI version =2.12.0, =0.0.6, =0.1.1 Source cves: CVE-2021-29434 Source advisory: OSV:GHSA-WQ5H-F9P5-Q7FX...
wagtail-resume (=1.3.0), wagtail-social-share (>=0.0.6 <=0.1.1) potentially affected by CVE-2021-29434 via wagtail (>=2.12.0 <=2.12.2)
wagtail PYPI version =2.12.0, =0.0.6, =0.1.1 Source cves: CVE-2021-29434 Source advisory: OSV:PYSEC-2021-114...
coop (>=0.3.1 <=2.10.2), django-oscar-wagtail (=0.0.5) +36 more potentially affected by CVE-2021-29434 via wagtail (>=1.0.0 <=2.10.2)
wagtail PYPI version =1.0.0, =0.3.1, =0.1.1, =5.22.3, =6.3.0, =0.0.1, =0.1.0, =2.0.7, =0.3.1, =0.5.4, =0.4.1, =1.1.1 and more Source cves: CVE-2021-29434 Source advisory: OSV:PYSEC-2021-114...
CVE-2021-29434 Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...
CVE-2021-29434
Wagtail (a Django-based CMS) has a vulnerability in rich-text links where server-side checks do not enforce a valid protocol, allowing a malicious admin user to publish content containing javascript: URLs. Affected versions can be exploited via admin POST requests; an ordinary site visitor cannot...