Lucene search
+L

35 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44198

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...

4.3CVSS5.4AI score0.00162EPSS
Exploits0References1
PyPA
PyPA
added 2026/05/11 4:17 p.m.39 views

PYSEC-2026-147

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/11 4:17 p.m.22 views

CVE-2026-44198

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...

4.3CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 2:40 p.m.45 views

CVE-2026-44198 Wagtail: Improper permission handling when viewing page history

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...

4.3CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 2:40 p.m.7 views

CVE-2026-44198 Wagtail: Improper permission handling when viewing page history

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 2:40 p.m.25 views

CVE-2026-44198

CVE-2026-44198 (Wagtail) : An improper permission handling flaw allowed a CMS user without edit rights to access the page history report, potentially exposing sensitive information. Affected: Wagtail prior to 7.0.7, 7.3.2, and 7.4. Remediation: patch releases 7.0.7, 7.3.2, and 7.4 include the fix...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/05/08 8:19 p.m.13 views

Improper Handling of Insufficient Permissions or Privileges

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges when viewing page history. A user without edit permissions on a given page can access the history report fo...

5.3CVSS5.8AI score0.00162EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 8:19 p.m.49 views

GHSA-C4MR-889M-VGF6 Wagtail has improper permission handling when viewing page history

Impact A CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. Patches Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates this fix...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.19 views

PT-2026-39233

Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 7.0.7 Wagtail versions prior to 7.3.2 Wagtail versions prior to 7.4 Description A CMS user lacking page editing permissions can access the history report for a page, which may lead to the disclosure of sensitive...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/15 12:7 a.m.34 views

CVE-2026-40105 XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 10.4-rc-1, through 16.10.15, 17.0.0-rc-1, through 17.4.7 and 17.5.0-rc-1 through 17.10.0 contain a reflected cross-site scripting vulnerability XSS in the comparison view between...

6.5CVSS0.00549EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/15 12:7 a.m.5 views

CVE-2026-40105 XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 10.4-rc-1, through 16.10.15, 17.0.0-rc-1, through 17.4.7 and 17.5.0-rc-1 through 17.10.0 contain a reflected cross-site scripting vulnerability XSS in the comparison view between...

6.5CVSS5.8AI score0.00549EPSS
Exploits0References3
CVE
CVE
added 2026/04/15 12:7 a.m.15 views

CVE-2026-40105

XWiki Platform has a reflected XSS in the page revisions comparison view. Affected versions: 10.4-rc-1 through 16.10.15, 17.0.0-rc-1 through 17.4.7, and 17.5.0-rc-1 through 17.10.0. The vulnerability allows executing JavaScript in the attacker’s or user’s browser when viewing the comparison betwe...

6.5CVSS5.8AI score0.00549EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/15 12:7 a.m.3 views

CVE-2026-40105 XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 10.4-rc-1, through 16.10.15, 17.0.0-rc-1, through 17.4.7 and 17.5.0-rc-1 through 17.10.0 contain a reflected cross-site scripting vulnerability XSS in the comparison view between...

6.5CVSS6.4AI score0.00549EPSS
Exploits0References5
OSV
OSV
added 2026/04/14 10:33 p.m.5 views

GHSA-W4FJ-87J5-F25C XWiki has Reflected Cross-Site Scripting (XSS) in page history compare

Impact A reflected cross-site scripting vulnerability XSS in the compare view between revisions of a page allows executing JavaScript code in the user's browser. If the current user is an admin, this can not only affect the current user but also the confidentiality, integrity and availability of...

6.5CVSS5.7AI score0.00549EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/14 10:33 p.m.10 views

XWiki has Reflected Cross-Site Scripting (XSS) in page history compare

Impact A reflected cross-site scripting vulnerability XSS in the compare view between revisions of a page allows executing JavaScript code in the user's browser. If the current user is an admin, this can not only affect the current user but also the confidentiality, integrity and availability of...

6.5CVSS5.7AI score0.00549EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.18 views

CVE-2024-45591

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

5.3CVSS6.5AI score0.03417EPSS
Exploits1
NVD
NVD
added 2024/09/10 4:15 p.m.47 views

CVE-2024-45591

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

5.3CVSS0.03417EPSS
Exploits1References4
OSV
OSV
added 2024/09/10 3:56 p.m.25 views

CVE-2024-45591 XWiki Platform document history including authors of any page exposed to unauthorized actors

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

5.3CVSS6.4AI score0.03417EPSS
Exploits1References6
Cvelist
Cvelist
added 2024/09/10 3:56 p.m.50 views

CVE-2024-45591 XWiki Platform document history including authors of any page exposed to unauthorized actors

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

5.3CVSS0.03417EPSS
Exploits1References4
CVE
CVE
added 2024/09/10 3:56 p.m.101 views

CVE-2024-45591

CVE-2024-45591 concerns XWiki Platform: the REST API can disclose page history information to unauthorized users, including per-modification times, version numbers, author usernames/display names, and version comments, even on fully private wikis. The issue is triggered by unauthenticated access ...

5.3CVSS5AI score0.03417EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder