Veracode Vulnerability DatabaseVERACODE:40096Stored Cross-Site Scripting (XSS)
0.001 Low
EPSS
Percentile
41.2%
wagtail is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to the ModelAdmin views inside the admin interface, which allows an admin authenticated attacker to inject and execute arbitrary JavaScript into the browser.
References
docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview
docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview
github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62
github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713
github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af
github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91
github.com/wagtail/wagtail/releases/tag/v4.1.4
github.com/wagtail/wagtail/releases/tag/v4.2.2
github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2
Related
