CVE-2020-11001
Description
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could craft a page revision history that, when viewed by a user with higher privileges, performs actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch).
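The defect class the description refers to, as an added illustration that is not Wagtail's own code: a revision-comparison renderer diffs two stored field values and wraps the changed words in `<ins>`/`<del>`. If that string is handed to the template as safe HTML without escaping the stored values first, whatever an editor saved in a revision is emitted verbatim to the moderator or administrator who opens the comparison. The vulnerable and hardened renderers below differ only in whether they escape revision text; `contains_foreign_markup` is a check for the rendered output, and `is_patched` applies the per-branch fixed versions stated above. The field name, sample revisions, payload and helper names are constructed for this example, and the diff algorithm is Python's `difflib`, not Wagtail's own implementation.

```python
"""Added example (not Wagtail's code): the escaping defect behind an XSS in a
revision-comparison view, the hardened renderer, and a version check.

Sample revisions, the payload and all helper names are constructed for this
example; the word-level diff uses difflib rather than Wagtail's own code.
"""
import difflib
import html
import re

# Constructed sample: two revisions of one page field. Saving the second one
# needs nothing more than ordinary editor permissions in the admin.
OLD_REVISION = {"title": "Welcome to our site"}
NEW_REVISION = {"title": 'Welcome to our site <img src=x onerror="alert(document.cookie)">'}

_TOKEN_RE = re.compile(r"\s+|\S+")  # word and whitespace tokens so the diff reads naturally
# Any tag-like sequence other than the renderer's own <ins>/<del> markup.
_FOREIGN_TAG_RE = re.compile(r"<(?!/?(?:ins|del)>)[A-Za-z!/]")


def _render_diff(old: str, new: str, escape) -> str:
    """Word-level diff of two revision values, rendered as HTML.

    `escape` is applied to every run of text copied from a revision; the only
    difference between the vulnerable and hardened renderers is what it does.
    """
    a, b = _TOKEN_RE.findall(old), _TOKEN_RE.findall(new)
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    parts = []
    for op, i1, i2, j1, j2 in matcher.get_opcodes():
        if op == "equal":
            parts.append(escape("".join(a[i1:i2])))
        if op in ("delete", "replace"):
            parts.append("<del>" + escape("".join(a[i1:i2])) + "</del>")
        if op in ("insert", "replace"):
            parts.append("<ins>" + escape("".join(b[j1:j2])) + "</ins>")
    return "".join(parts)


def diff_html_vulnerable(old: str, new: str) -> str:
    """Trusts stored revision content: raw field text lands in the viewer's page."""
    return _render_diff(old, new, escape=lambda s: s)


def diff_html_hardened(old: str, new: str) -> str:
    """Escapes revision content before the diff's own markup is added around it."""
    return _render_diff(old, new, escape=html.escape)


def contains_foreign_markup(rendered: str) -> bool:
    """Check for a comparison view's output: does it carry any tag the renderer
    did not put there itself? True means stored content reached the page unescaped."""
    return _FOREIGN_TAG_RE.search(rendered) is not None


# Minimum patched release per branch, from the advisory text.
_FIXED_BY_BRANCH = {(2, 7): (2, 7, 2), (2, 8): (2, 8, 1)}
_LATEST_FIX = (2, 8, 1)


def is_patched(version: str) -> bool:
    """True if the given Wagtail version string carries the fix.

    2.7.x needs 2.7.2 or later, 2.8.x needs 2.8.1 or later, anything newer
    than 2.8.1 is past the fix, and anything older than 2.7 never received it.
    Pre-release suffixes are ignored (a simplification for this example).
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in m.groups(default="0"))
    fixed = _FIXED_BY_BRANCH.get(parts[:2], _LATEST_FIX)
    return parts >= fixed


if __name__ == "__main__":
    old, new = OLD_REVISION["title"], NEW_REVISION["title"]
    for name, render in (("vulnerable", diff_html_vulnerable), ("hardened", diff_html_hardened)):
        out = render(old, new)
        print(f"{name}: {out}")
        print(f"  foreign markup reaches the viewer: {contains_foreign_markup(out)}")
    for v in ("2.7.1", "2.7.2", "2.8.0", "2.8.1", "2.6.3"):
        print(f"wagtail {v}: {'patched' if is_patched(v) else 'VULNERABLE'}")
```

The point of the side-by-side is that the injected payload needs no privilege beyond saving a revision, and the `<ins>` wrapper the renderer adds is exactly the kind of markup that tempts an author to mark the whole string safe. Escaping must be applied to the revision text before that wrapper is added, never to the finished diff, which would also neutralise the renderer's own tags.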
Risk Information
Base Score
6.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.406
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-11001 are fixed in Python-wagtail 2.7.2 | Windows |
| Vulnerabilities CVE-2020-11001 are fixed in Python-wagtail 2.8.1 | Windows |
| Vulnerabilities CVE-2020-11001 are fixed in Python-wagtail for linux 2.7.2 | Linux |
| Vulnerabilities CVE-2020-11001 are fixed in Python-wagtail for linux 2.8.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2020-11001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11001