21 matches found
EUVD-2021-0468
Malware in sbrugna...
EUVD-2024-1025
Malicious code in bioql PyPI...
CVE-2024-28865
django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...
Regular Expression Denial Of Service (ReDoS)
django-wiki is vulnerable to Regular Expression Denial of Service (ReDoS). This vulnerability is due to improper input validation, allowing maliciously crafted article content to cause severe CPU usage through a regular expression loop, which results in a Denial of Service (DoS) condition...
CVE-2024-28865
django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...
CVE-2024-28865 django-wiki denial of service via regular expression
django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...
CVE-2024-28865 django-wiki denial of service via regular expression
django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...
CVE-2024-28865
django-wiki prior to 0.10.1 is affected by a Regular Expression Denial of Service (ReDoS) caused by crafted article content that can drive a pathological regex loop and exhaust server CPU. Root cause: vulnerable article-processing logic enabling CPU-intensive regex processing. Impact: potential d...
GHSA-WJ85-W4F4-XH8H Denial of service via regular expression
Impact All historical installations of django-wiki are vulnerable to maliciously crafted article content, that can cause severe use of server CPU through a regular expression loop. Patches Workarounds Close off access to create and edit articles by anonymous users. References Are there any links...
django-wiki Security Vulnerabilities
django-wiki is a wiki system based on Django. A security vulnerability exists in versions of django-wiki prior to 0.10.1, which stems from vulnerability to maliciously crafted article content that could lead to a denial of service via regular expressions...
PT-2024-22614 · Unknown · Django-Wiki
Name of the Vulnerable Software and Affected Versions: django-wiki versions prior to 0.10.1 Description: The issue allows maliciously crafted article content to cause severe use of server CPU through a regular expression loop. This can be exploited by anonymous users creating or editing articles...
GHSA-3M3H-V9HV-9J4H Cross-site Scripting in django-wiki
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...
Cross-site Scripting in django-wiki
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...
CVE-2021-25986
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...
CVE-2021-25986
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...
Cross site scripting
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...
PYSEC-2021-850
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...
PYSEC-2021-850
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...
CVE-2021-25986 Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...
CVE-2021-25986
The CVE-2021-25986 entry concerns Django-wiki versions 0.0.20 through 0.7.8, which are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. The root cause is that an attacker who has edit access can inject a JavaScript payload into the page title; when victims receive a n...