Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Wagtail: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface
Vulnerability Description
Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on confirmation messages within the wagtail.contrib.simple_translation module. A user with access to the Wagtail admin area may create a page with a specially-crafted title which, when another user performs the "Translate" action, causes arbitrary JavaScript code to run. This could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been patched in versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Wagtail 跨站脚本漏洞
Vulnerability Description
Wagtail是Wagtail开源的一套开源的内容管理系统(CMS)。 Wagtail 6.3.8之前版本、7.0.6之前版本、7.2.3之前版本和7.3.1之前版本存在跨站脚本漏洞,该漏洞源于wagtail.contrib.simple_translation模块的确认消息存在存储型跨站脚本,可能导致执行任意JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A