Cross-site Scripting in django-wiki
Moderate severity
GitHub Reviewed
Published
Dec 2, 2021
to the GitHub Advisory Database
•
Updated Nov 19, 2024
Description
Published by the National Vulnerability Database
Nov 23, 2021
Reviewed
Nov 24, 2021
Published to the GitHub Advisory Database
Dec 2, 2021
Last updated
Nov 19, 2024
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript.
References