FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Wagtail -- XSS vulnerability

Affected packages
py35-wagtail < 2.7.2
py36-wagtail < 2.7.2
py37-wagtail < 2.7.2
py38-wagtail < 2.7.2

Details

VuXML ID 8d85d600-84a9-11ea-97b9-08002728f74c
Discovery 2020-04-03
Entry 2020-04-22

Wagtail release notes:

CVE-2020-11001: Possible XSS attack via page revision comparison view

This release addresses a cross-site scripting (XSS) vulnerability on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.
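The advisory above describes the bug class (revision text supplied by a low-privilege editor reaching a higher-privileged user's browser as live HTML through a diff view) but not the exact vector. The following is an added illustration of that class, not Wagtail's code and not its actual fix: the helper names, the word-level diff format and the two sample revisions are assumptions constructed for this example. It shows a diff renderer that splices revision text into <ins>/<del> markup verbatim beside one that HTML-escapes every fragment first, plus a regression check that fails if anything other than the renderer's own markup survives in the output.

```python
# Added illustration of the bug class behind CVE-2020-11001 (stored XSS via a
# revision-comparison view). Not Wagtail's code; names and formats are assumed.
import difflib
import html
from html.parser import HTMLParser

# Constructed sample revisions: an editor with limited permissions saves the
# second one; a higher-privileged user later opens the comparison view.
CONSTRUCTED_OLD = "Welcome to our site"
CONSTRUCTED_NEW = 'Welcome to our <img src=x onerror="alert(document.cookie)"> site'


def _diff_ops(old: str, new: str):
    """Word-level diff opcodes between two revisions of a text field."""
    old_words = old.split()
    new_words = new.split()
    matcher = difflib.SequenceMatcher(a=old_words, b=new_words, autojunk=False)
    return old_words, new_words, matcher.get_opcodes()


def render_diff_unsafe(old: str, new: str) -> str:
    """Vulnerable pattern: revision text is concatenated into the HTML diff
    as-is, so any tag an editor stored in the field is rendered live."""
    old_words, new_words, ops = _diff_ops(old, new)
    out = []
    for tag, i1, i2, j1, j2 in ops:
        if tag == "equal":
            out.append(" ".join(old_words[i1:i2]))
        if tag in ("delete", "replace"):
            out.append("<del>" + " ".join(old_words[i1:i2]) + "</del>")
        if tag in ("insert", "replace"):
            out.append("<ins>" + " ".join(new_words[j1:j2]) + "</ins>")
    return " ".join(out)


def render_diff_safe(old: str, new: str) -> str:
    """Hardened pattern: each text fragment is escaped (including quotes)
    before the renderer's own <ins>/<del> markup is wrapped around it, so the
    only live HTML in the result is what this function emits itself."""
    old_words, new_words, ops = _diff_ops(old, new)
    out = []
    for tag, i1, i2, j1, j2 in ops:
        if tag == "equal":
            out.append(html.escape(" ".join(old_words[i1:i2]), quote=True))
        if tag in ("delete", "replace"):
            out.append("<del>" + html.escape(" ".join(old_words[i1:i2]), quote=True) + "</del>")
        if tag in ("insert", "replace"):
            out.append("<ins>" + html.escape(" ".join(new_words[j1:j2]), quote=True) + "</ins>")
    return " ".join(out)


class _TagCollector(HTMLParser):
    """Collects every start tag the browser's parser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.tags.append(tag)


def only_diff_markup(rendered: str, allowed=("ins", "del")) -> bool:
    """Regression check for a comparison view: True when the rendered diff
    contains no tags other than the markup the renderer itself emits."""
    collector = _TagCollector()
    collector.feed(rendered)
    collector.close()
    return all(tag in allowed for tag in collector.tags)


if __name__ == "__main__":
    for name, render in (("unsafe", render_diff_unsafe), ("safe", render_diff_safe)):
        out = render(CONSTRUCTED_OLD, CONSTRUCTED_NEW)
        print(f"{name}: {out}")
        print(f"  only diff markup: {only_diff_markup(out)}")
```

The check in only_diff_markup is the kind of assertion worth keeping in a test suite for any view that renders user-authored field content with decorations: it parses the output the way a browser would rather than grepping for a particular string, so it catches attribute-based payloads (onerror=, href=javascript:) as well as <script> tags.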

References

CVE Name CVE-2020-11001
URL https://docs.wagtail.io/en/latest/releases/2.7.2.html
URL https://github.com/advisories/GHSA-v2wc-pfq2-5cm6