FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Wagtail -- XSS vulnerability

Affected packages
py35-wagtail < 2.7.2
py36-wagtail < 2.7.2
py37-wagtail < 2.7.2
py38-wagtail < 2.7.2


VuXML ID 8d85d600-84a9-11ea-97b9-08002728f74c
Discovery 2020-04-03
Entry 2020-04-22

Wagtail release notes:

CVE-2020-11001: Possible XSS attack via page revision comparison view

This release addresses a cross-site scripting (XSS) vulnerability on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform actions with that user credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.


CVE Name CVE-2020-11001