CVE-2021-25986
pypi/django-wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Django-wiki is vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload renders in the notification panel and loads external JavaScript.
All versions starting from 0.0.20 up to 0.7.8
Unfortunately, there is no solution available yet.
2021-11-30