CVE-2021-25986

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pypi/django-wiki

Identifiers

CVE-2021-25986

Package Slug

pypi/django-wiki

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Django-wiki is vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications Section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript.

Affected Versions

All versions starting from 0.0.20 up to 0.7.8

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-11-30
