32 matches found
CVE-2026-44198
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...
CVE-2026-44201
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
PYSEC-2026-148
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to f...
PYSEC-2026-147
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...
PYSEC-2026-150
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
PT-2026-39234
Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 7.0.7; Wagtail versions prior to 7.3.2. Description: A CMS user with limited access to form pages can delete submissions for pages they are not authorized to access. This is achieved by crafting a form submission to dele...
CVE-2026-28223
Wagtail (Django-based CMS) contains a stored XSS in the wagtail.contrib.simple_translation module. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a user with admin access may craft a page title that, when another user runs the Translate action, executes arbitrary JavaScript in that user’s cont...
Cross-site Scripting (XSS)
Overview: wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the wagtail.contrib.simple_translation module. A user with access to the admin area can execute arbitrary JavaScript code in the context of...
EUVD-2026-5345
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
EUVD-2025-13925
Malicious code in bioql PyPI...
EUVD-2024-0186
Malicious code in bioql PyPI...
CVE-2025-45388
Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...
Wagtail CMS security vulnerability
Wagtail CMS is a content management system from Wagtail Open Source. A security vulnerability exists in Wagtail CMS version 6.4.1, which stems from a stored cross-site scripting attack due to the document upload feature...
CVE-2025-45388
CVE-2025-45388 (Wagtail CMS 6.4.1): A Stored Cross-Site Scripting (XSS) flaw exists in the document upload feature. Attackers can embed malicious payloads in a PDF; when a user clicks the uploaded document in the CMS interface, the payload can execute. The supplier disputes exploitability, notin...
PT-2025-20295 · Unknown · Wagtail Cms
Name of the Vulnerable Software and Affected Versions: Wagtail CMS version 6.4.1. Description: The issue is related to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface...
CVE-2023-28837
Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...
CVE-2023-28837 Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...