Wagtail Security Vulnerabilities and Issues — Wagtail CVE List

Lucene search

TorchboxWagtail

3 matches found

CVE•added 2020/04/30 11:15 p.m.•105 views

CVE-2020-11037

In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is abl...

6.1CVSS5.1AI score0.00052EPSS

CVE•added 2020/04/14 11:15 p.m.•94 views

CVE-2020-11001

In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revisioncomparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtailadmin could potentially craft a page revision history that, when viewe...

6.8CVSS5.9AI score0.00406EPSS

CVE•added 2020/07/20 6:15 p.m.•68 views

CVE-2020-15118

In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be r...

5.7CVSS5.4AI score0.00595EPSS