Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/wagtail@1.5
Type pypi
Namespace
Name wagtail
Version 1.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 7.0.7
Latest_non_vulnerable_version 7.3.2
Affected_by_vulnerabilities
0
url VCID-12d4-1bj5-2yb5
vulnerability_id VCID-12d4-1bj5-2yb5
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44199
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09514
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44199
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:22:48Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44199
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44199
4
reference_url https://github.com/advisories/GHSA-pwm3-7fv4-g6xx
reference_id GHSA-pwm3-7fv4-g6xx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pwm3-7fv4-g6xx
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44199, GHSA-pwm3-7fv4-g6xx, PYSEC-2026-148
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12d4-1bj5-2yb5
1
url VCID-1dyp-u5tf-mqhh
vulnerability_id VCID-1dyp-u5tf-mqhh
summary
Wagtail has improper permission handling on admin preview endpoints
Due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data of the user's choosing. The existing data of the object itself is not exposed, but depending on the nature of the template being rendered, this may expose other database contents that would otherwise only be accessible to users with edit access over the model. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25517
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02431
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25517
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719
3
reference_url https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f
4
reference_url https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190
5
reference_url https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915
6
reference_url https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03
7
reference_url https://github.com/wagtail/wagtail/releases/tag/v6.3.6
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v6.3.6
8
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.0.4
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v7.0.4
9
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.1.3
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v7.1.3
10
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.2.2
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v7.2.2
11
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.3
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v7.3
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25517
reference_id CVE-2026-25517
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25517
13
reference_url https://github.com/advisories/GHSA-4qvv-g3vr-m348
reference_id GHSA-4qvv-g3vr-m348
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4qvv-g3vr-m348
14
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348
reference_id GHSA-4qvv-g3vr-m348
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-05T14:20:11Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348
fixed_packages
0
url pkg:pypi/wagtail@6.3.6
purl pkg:pypi/wagtail@6.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-672q-fuy3-yqd1
4
vulnerability VCID-prth-nf4k-nqe5
5
vulnerability VCID-qf1m-zu2w-dbds
6
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.3.6
1
url pkg:pypi/wagtail@7.0.4
purl pkg:pypi/wagtail@7.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-672q-fuy3-yqd1
4
vulnerability VCID-prth-nf4k-nqe5
5
vulnerability VCID-qf1m-zu2w-dbds
6
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.4
2
url pkg:pypi/wagtail@7.1.3
purl pkg:pypi/wagtail@7.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-672q-fuy3-yqd1
4
vulnerability VCID-prth-nf4k-nqe5
5
vulnerability VCID-qf1m-zu2w-dbds
6
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.1.3
3
url pkg:pypi/wagtail@7.2.2
purl pkg:pypi/wagtail@7.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-672q-fuy3-yqd1
4
vulnerability VCID-prth-nf4k-nqe5
5
vulnerability VCID-qf1m-zu2w-dbds
6
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.2
4
url pkg:pypi/wagtail@7.3
purl pkg:pypi/wagtail@7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-672q-fuy3-yqd1
4
vulnerability VCID-prth-nf4k-nqe5
5
vulnerability VCID-qf1m-zu2w-dbds
6
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3
aliases CVE-2026-25517, GHSA-4qvv-g3vr-m348
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1dyp-u5tf-mqhh
2
url VCID-2upt-d3sg-ebea
vulnerability_id VCID-2upt-d3sg-ebea
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44198
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09075
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44198
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T15:53:32Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44198
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44198
4
reference_url https://github.com/advisories/GHSA-c4mr-889m-vgf6
reference_id GHSA-c4mr-889m-vgf6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4mr-889m-vgf6
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44198, GHSA-c4mr-889m-vgf6, PYSEC-2026-147
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2upt-d3sg-ebea
3
url VCID-5p3e-kwee-ukfr
vulnerability_id VCID-5p3e-kwee-ukfr
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44197
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10242
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44197
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-14T17:52:47Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44197
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44197
4
reference_url https://github.com/advisories/GHSA-c6wj-9vcj-75pj
reference_id GHSA-c6wj-9vcj-75pj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c6wj-9vcj-75pj
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44197, GHSA-c6wj-9vcj-75pj, PYSEC-2026-146
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5p3e-kwee-ukfr
4
url VCID-672q-fuy3-yqd1
vulnerability_id VCID-672q-fuy3-yqd1
summary
Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface
A stored Cross-site Scripting (XSS) vulnerability exists on confirmation messages within the `wagtail.contrib.simple_translation` module. A user with access to the Wagtail admin area may create a page with a specially-crafted title which, when another user performs the "Translate" action, causes arbitrary JavaScript code to run. This could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28223
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.1391
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28223
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/commit/1c6f2effed68f4ccad6fbd07987e03641505f863
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/commit/1c6f2effed68f4ccad6fbd07987e03641505f863
3
reference_url https://github.com/wagtail/wagtail/commit/ba70244d376a7b1bd180ded03e827917ff410c19
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/commit/ba70244d376a7b1bd180ded03e827917ff410c19
4
reference_url https://github.com/wagtail/wagtail/commit/d8c5900982df8ed5938ad993aa9ff69cda50f80c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/commit/d8c5900982df8ed5938ad993aa9ff69cda50f80c
5
reference_url https://github.com/wagtail/wagtail/commit/ee39d39deeb7f250fe886417b24802d7e05b1143
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/commit/ee39d39deeb7f250fe886417b24802d7e05b1143
6
reference_url https://github.com/wagtail/wagtail/releases/tag/v6.3.8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/releases/tag/v6.3.8
7
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.0.6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.0.6
8
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.2.3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.2.3
9
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.3.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.3.1
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28223
reference_id CVE-2026-28223
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28223
11
reference_url https://github.com/advisories/GHSA-p4v8-rw59-93cq
reference_id GHSA-p4v8-rw59-93cq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p4v8-rw59-93cq
12
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-p4v8-rw59-93cq
reference_id GHSA-p4v8-rw59-93cq
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T10:39:12Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-p4v8-rw59-93cq
fixed_packages
0
url pkg:pypi/wagtail@6.3.8
purl pkg:pypi/wagtail@6.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-qf1m-zu2w-dbds
4
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.3.8
1
url pkg:pypi/wagtail@7.0.6
purl pkg:pypi/wagtail@7.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-qf1m-zu2w-dbds
4
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.6
2
url pkg:pypi/wagtail@7.2.3
purl pkg:pypi/wagtail@7.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-qf1m-zu2w-dbds
4
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.3
3
url pkg:pypi/wagtail@7.3.1
purl pkg:pypi/wagtail@7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-qf1m-zu2w-dbds
4
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.1
aliases CVE-2026-28223, GHSA-p4v8-rw59-93cq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-672q-fuy3-yqd1
5
url VCID-8jfe-n528-xuc2
vulnerability_id VCID-8jfe-n528-xuc2
summary Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash or denial of service. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents. Image uploads are restricted to 10MB by default; however, this validation only happens on the frontend and on the backend after the vulnerable code. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28837
reference_id
reference_type
scores
0
value 0.013
scoring_system epss
scoring_elements 0.80045
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28837
1
reference_url https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://docs.wagtail.org/en/stable/reference/settings.html#wagtailimages-max-upload-size
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-56.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-56.yaml
3
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
4
reference_url https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/3c0c64642b9e5b8d28b111263c7f4bddad6c3880
5
reference_url https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/c9d2fcd650a88d76ae122646142245e5927a9165
6
reference_url https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/cfa11bbe00dbe7ce8cd4c0bbfe2a898a690df2bf
7
reference_url https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/commit/d4022310cbe497993459c3136311467c7ac6329a
8
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.1.4
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/releases/tag/v4.1.4
9
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
10
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:36:47Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-33pv-vcgh-jfg9
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28837
reference_id CVE-2023-28837
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28837
12
reference_url https://github.com/advisories/GHSA-33pv-vcgh-jfg9
reference_id GHSA-33pv-vcgh-jfg9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33pv-vcgh-jfg9
fixed_packages
0
url pkg:pypi/wagtail@4.1.4
purl pkg:pypi/wagtail@4.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-pkcr-w2en-dufq
7
vulnerability VCID-prth-nf4k-nqe5
8
vulnerability VCID-qf1m-zu2w-dbds
9
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.1.4
1
url pkg:pypi/wagtail@4.2rc1
purl pkg:pypi/wagtail@4.2rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-prth-nf4k-nqe5
7
vulnerability VCID-qf1m-zu2w-dbds
8
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2rc1
2
url pkg:pypi/wagtail@4.2.2
purl pkg:pypi/wagtail@4.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-pkcr-w2en-dufq
7
vulnerability VCID-prth-nf4k-nqe5
8
vulnerability VCID-qf1m-zu2w-dbds
9
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2.2
aliases CVE-2023-28837, GHSA-33pv-vcgh-jfg9, PYSEC-2023-56
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jfe-n528-xuc2
6
url VCID-8k9y-g5uj-nfaz
vulnerability_id VCID-8k9y-g5uj-nfaz
summary Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled. For pages, the vulnerability is in the "Choose a parent page" ModelAdmin view (`ChooseParentView`), available when managing pages via ModelAdmin. For documents, the vulnerability is in the ModelAdmin Inspect view (`InspectView`) when displaying document fields. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions can disable or override the corresponding functionality.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28836
reference_id
reference_type
scores
0
value 0.01096
scoring_system epss
scoring_elements 0.78301
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28836
1
reference_url https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview
2
reference_url https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-55.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-55.yaml
4
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
5
reference_url https://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62
6
reference_url https://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713
7
reference_url https://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af
8
reference_url https://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91
9
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.1.4
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v4.1.4
10
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/releases/tag/v4.2.2
11
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-11T16:36:00Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28836
reference_id CVE-2023-28836
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28836
13
reference_url https://github.com/advisories/GHSA-5286-f2rf-35c2
reference_id GHSA-5286-f2rf-35c2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5286-f2rf-35c2
fixed_packages
0
url pkg:pypi/wagtail@4.1.4
purl pkg:pypi/wagtail@4.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-pkcr-w2en-dufq
7
vulnerability VCID-prth-nf4k-nqe5
8
vulnerability VCID-qf1m-zu2w-dbds
9
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.1.4
1
url pkg:pypi/wagtail@4.2rc1
purl pkg:pypi/wagtail@4.2rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-prth-nf4k-nqe5
7
vulnerability VCID-qf1m-zu2w-dbds
8
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2rc1
2
url pkg:pypi/wagtail@4.2.2
purl pkg:pypi/wagtail@4.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-pkcr-w2en-dufq
7
vulnerability VCID-prth-nf4k-nqe5
8
vulnerability VCID-qf1m-zu2w-dbds
9
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2.2
aliases CVE-2023-28836, GHSA-5286-f2rf-35c2, PYSEC-2023-55
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8k9y-g5uj-nfaz
7
url VCID-btdp-8uac-rkhp
vulnerability_id VCID-btdp-8uac-rkhp
summary Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block (`CharBlock`, `TextBlock` or a similar user-defined block derived from `FieldBlock`), and that block does not specify a template for rendering, the tag output is not properly escaped as HTML. This could allow users to insert arbitrary HTML or scripting. This vulnerability is only exploitable by users with the ability to author StreamField content (i.e. users with 'editor' access to the Wagtail admin). Patched versions have been released as Wagtail 2.11.8 (for the LTS 2.11 branch), Wagtail 2.12.5, and Wagtail 2.13.2 (for the current 2.13 branch). As a workaround, site implementors who are unable to upgrade to a current supported version should audit their use of `{% include_block %}` to ensure it is not used to output `CharBlock` / `TextBlock` values with no associated template. Note that this only applies where `{% include_block %}` is used directly on that block (uses of `include_block` on a block _containing_ a CharBlock / TextBlock, such as a StructBlock, are unaffected). In these cases, the tag can be replaced with Django's `{{ ... }}` syntax - e.g. `{% include_block my_title_block %}` becomes `{{ my_title_block }}`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32681
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.52978
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32681
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-103.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-103.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/releases/tag/v2.11.8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v2.11.8
4
reference_url https://github.com/wagtail/wagtail/releases/tag/v2.12.5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v2.12.5
5
reference_url https://github.com/wagtail/wagtail/releases/tag/v2.13.2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v2.13.2
6
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-xfrw-hxr5-ghqf
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-xfrw-hxr5-ghqf
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32681
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32681
8
reference_url https://github.com/advisories/GHSA-xfrw-hxr5-ghqf
reference_id GHSA-xfrw-hxr5-ghqf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xfrw-hxr5-ghqf
fixed_packages
0
url pkg:pypi/wagtail@2.11.8
purl pkg:pypi/wagtail@2.11.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-8jfe-n528-xuc2
6
vulnerability VCID-8k9y-g5uj-nfaz
7
vulnerability VCID-9u79-7g62-23dk
8
vulnerability VCID-pkcr-w2en-dufq
9
vulnerability VCID-prth-nf4k-nqe5
10
vulnerability VCID-qf1m-zu2w-dbds
11
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.11.8
1
url pkg:pypi/wagtail@2.12rc1
purl pkg:pypi/wagtail@2.12rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-8jfe-n528-xuc2
6
vulnerability VCID-8k9y-g5uj-nfaz
7
vulnerability VCID-9u79-7g62-23dk
8
vulnerability VCID-pkcr-w2en-dufq
9
vulnerability VCID-prth-nf4k-nqe5
10
vulnerability VCID-qf1m-zu2w-dbds
11
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.12rc1
2
url pkg:pypi/wagtail@2.12.5
purl pkg:pypi/wagtail@2.12.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-8jfe-n528-xuc2
6
vulnerability VCID-8k9y-g5uj-nfaz
7
vulnerability VCID-9u79-7g62-23dk
8
vulnerability VCID-pkcr-w2en-dufq
9
vulnerability VCID-prth-nf4k-nqe5
10
vulnerability VCID-qf1m-zu2w-dbds
11
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.12.5
3
url pkg:pypi/wagtail@2.13rc1
purl pkg:pypi/wagtail@2.13rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-8jfe-n528-xuc2
6
vulnerability VCID-8k9y-g5uj-nfaz
7
vulnerability VCID-9u79-7g62-23dk
8
vulnerability VCID-pkcr-w2en-dufq
9
vulnerability VCID-prth-nf4k-nqe5
10
vulnerability VCID-qf1m-zu2w-dbds
11
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.13rc1
4
url pkg:pypi/wagtail@2.13.2
purl pkg:pypi/wagtail@2.13.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-8jfe-n528-xuc2
6
vulnerability VCID-8k9y-g5uj-nfaz
7
vulnerability VCID-9u79-7g62-23dk
8
vulnerability VCID-chj9-nmry-q3f1
9
vulnerability VCID-pkcr-w2en-dufq
10
vulnerability VCID-prth-nf4k-nqe5
11
vulnerability VCID-qf1m-zu2w-dbds
12
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.13.2
aliases CVE-2021-32681, GHSA-xfrw-hxr5-ghqf, PYSEC-2021-103
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-btdp-8uac-rkhp
8
url VCID-cfkh-sdk4-3uan
vulnerability_id VCID-cfkh-sdk4-3uan
summary Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with `javascript:` URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. See referenced GitHub advisory for additional details, including a workaround. Patched versions have been released as Wagtail 2.11.7 (for the LTS 2.11 branch) and Wagtail 2.12.4 (for the current 2.12 branch).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29434
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50921
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29434
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-114.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2021-114.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/commit/5c7a60977cba478f6a35390ba98cffc2bd41c8a4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/5c7a60977cba478f6a35390ba98cffc2bd41c8a4
4
reference_url https://github.com/wagtail/wagtail/commit/915f6ed2bd7d53154103cc4424a0f18695cdad6c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/915f6ed2bd7d53154103cc4424a0f18695cdad6c
5
reference_url https://github.com/wagtail/wagtail/compare/v2.11.6...v2.11.7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/compare/v2.11.6...v2.11.7
6
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29434
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29434
8
reference_url https://pypi.org/project/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/wagtail
9
reference_url https://pypi.org/project/wagtail/
reference_id
reference_type
scores
url https://pypi.org/project/wagtail/
10
reference_url https://github.com/advisories/GHSA-wq5h-f9p5-q7fx
reference_id GHSA-wq5h-f9p5-q7fx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wq5h-f9p5-q7fx
fixed_packages
0
url pkg:pypi/wagtail@2.11.6
purl pkg:pypi/wagtail@2.11.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-8jfe-n528-xuc2
6
vulnerability VCID-8k9y-g5uj-nfaz
7
vulnerability VCID-9u79-7g62-23dk
8
vulnerability VCID-btdp-8uac-rkhp
9
vulnerability VCID-cfkh-sdk4-3uan
10
vulnerability VCID-pkcr-w2en-dufq
11
vulnerability VCID-prth-nf4k-nqe5
12
vulnerability VCID-qf1m-zu2w-dbds
13
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.11.6
1
url pkg:pypi/wagtail@2.11.7
purl pkg:pypi/wagtail@2.11.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-8jfe-n528-xuc2
6
vulnerability VCID-8k9y-g5uj-nfaz
7
vulnerability VCID-9u79-7g62-23dk
8
vulnerability VCID-btdp-8uac-rkhp
9
vulnerability VCID-pkcr-w2en-dufq
10
vulnerability VCID-prth-nf4k-nqe5
11
vulnerability VCID-qf1m-zu2w-dbds
12
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.11.7
2
url pkg:pypi/wagtail@2.12.4
purl pkg:pypi/wagtail@2.12.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-8jfe-n528-xuc2
6
vulnerability VCID-8k9y-g5uj-nfaz
7
vulnerability VCID-9u79-7g62-23dk
8
vulnerability VCID-btdp-8uac-rkhp
9
vulnerability VCID-pkcr-w2en-dufq
10
vulnerability VCID-prth-nf4k-nqe5
11
vulnerability VCID-qf1m-zu2w-dbds
12
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.12.4
aliases CVE-2021-29434, GHSA-wq5h-f9p5-q7fx, PYSEC-2021-114
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cfkh-sdk4-3uan
9
url VCID-fr48-r964-g3aw
vulnerability_id VCID-fr48-r964-g3aw
summary In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be rendered unescaped in the page. Allowing HTML within help text is an intentional design decision by Django; however, as a matter of policy Wagtail does not allow editors to insert arbitrary HTML by default, as this could potentially be used to carry out cross-site scripting attacks, including privilege escalation. This functionality should therefore not have been made available to editor-level users. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.4 (for the LTS 2.7 branch) and Wagtail 2.9.3 (for the current 2.9 branch). In these versions, help text will be escaped to prevent the inclusion of HTML tags. Site owners who wish to re-enable the use of HTML within help text (and are willing to accept the risk of this being exploited by editors) may set WAGTAILFORMS_HELP_TEXT_ALLOW_HTML = True in their configuration settings. Site owners who are unable to upgrade to the new versions can secure their form page templates by rendering forms field-by-field as per Django's documentation, but omitting the |safe filter when outputting the help text.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15118
reference_id
reference_type
scores
0
value 0.00595
scoring_system epss
scoring_elements 0.69644
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15118
1
reference_url https://docs.djangoproject.com/en/3.0/ref/models/fields/#django.db.models.Field.help_text
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.djangoproject.com/en/3.0/ref/models/fields/#django.db.models.Field.help_text
2
reference_url https://docs.wagtail.io/en/stable/reference/contrib/forms/index.html#usage
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.wagtail.io/en/stable/reference/contrib/forms/index.html#usage
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-154.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-154.yaml
4
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
5
reference_url https://github.com/wagtail/wagtail/blob/master/docs/releases/2.9.3.rst
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/blob/master/docs/releases/2.9.3.rst
6
reference_url https://github.com/wagtail/wagtail/commit/d9a41e7f24d08c024acc9a3094940199df94db34
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/d9a41e7f24d08c024acc9a3094940199df94db34
7
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-2473-9hgq-j7xw
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-2473-9hgq-j7xw
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15118
reference_id CVE-2020-15118
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value 7.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15118
9
reference_url https://github.com/advisories/GHSA-2473-9hgq-j7xw
reference_id GHSA-2473-9hgq-j7xw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2473-9hgq-j7xw
fixed_packages
0
url pkg:pypi/wagtail@2.7.4
purl pkg:pypi/wagtail@2.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-8jfe-n528-xuc2
6
vulnerability VCID-8k9y-g5uj-nfaz
7
vulnerability VCID-9u79-7g62-23dk
8
vulnerability VCID-btdp-8uac-rkhp
9
vulnerability VCID-cfkh-sdk4-3uan
10
vulnerability VCID-pkcr-w2en-dufq
11
vulnerability VCID-prth-nf4k-nqe5
12
vulnerability VCID-qf1m-zu2w-dbds
13
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.7.4
1
url pkg:pypi/wagtail@2.9.3
purl pkg:pypi/wagtail@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-8jfe-n528-xuc2
6
vulnerability VCID-8k9y-g5uj-nfaz
7
vulnerability VCID-9u79-7g62-23dk
8
vulnerability VCID-btdp-8uac-rkhp
9
vulnerability VCID-cfkh-sdk4-3uan
10
vulnerability VCID-pkcr-w2en-dufq
11
vulnerability VCID-prth-nf4k-nqe5
12
vulnerability VCID-qf1m-zu2w-dbds
13
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.9.3
aliases CVE-2020-15118, GHSA-2473-9hgq-j7xw, PYSEC-2020-154
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fr48-r964-g3aw
10
url VCID-pkcr-w2en-dufq
vulnerability_id VCID-pkcr-w2en-dufq
summary Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45809
reference_id
reference_type
scores
0
value 0.00232
scoring_system epss
scoring_elements 0.46041
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45809
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2023-219.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/0bacd29473107d9d7f5b723a15a683449679756d
4
reference_url https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/2231f462c75dfe84307fb40577e8c2109a23b27e
5
reference_url https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b
6
reference_url https://github.com/wagtail/wagtail/releases/tag/v4.1.9
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v4.1.9
7
reference_url https://github.com/wagtail/wagtail/releases/tag/v5.0.5
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v5.0.5
8
reference_url https://github.com/wagtail/wagtail/releases/tag/v5.1.3
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/releases/tag/v5.1.3
9
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45809
reference_id CVE-2023-45809
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-45809
11
reference_url https://github.com/advisories/GHSA-fc75-58r8-rm3h
reference_id GHSA-fc75-58r8-rm3h
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fc75-58r8-rm3h
fixed_packages
0
url pkg:pypi/wagtail@4.1.9
purl pkg:pypi/wagtail@4.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-prth-nf4k-nqe5
7
vulnerability VCID-qf1m-zu2w-dbds
8
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.1.9
1
url pkg:pypi/wagtail@4.2rc1
purl pkg:pypi/wagtail@4.2rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-prth-nf4k-nqe5
7
vulnerability VCID-qf1m-zu2w-dbds
8
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@4.2rc1
2
url pkg:pypi/wagtail@5.0.5
purl pkg:pypi/wagtail@5.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-prth-nf4k-nqe5
7
vulnerability VCID-qf1m-zu2w-dbds
8
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.0.5
3
url pkg:pypi/wagtail@5.1rc1
purl pkg:pypi/wagtail@5.1rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-prth-nf4k-nqe5
7
vulnerability VCID-qf1m-zu2w-dbds
8
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.1rc1
4
url pkg:pypi/wagtail@5.1.3
purl pkg:pypi/wagtail@5.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-9u79-7g62-23dk
6
vulnerability VCID-prth-nf4k-nqe5
7
vulnerability VCID-qf1m-zu2w-dbds
8
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@5.1.3
aliases CVE-2023-45809, GHSA-fc75-58r8-rm3h, PYSEC-2023-219
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkcr-w2en-dufq
11
url VCID-prth-nf4k-nqe5
vulnerability_id VCID-prth-nf4k-nqe5
summary
Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes
A stored Cross-site Scripting (XSS) vulnerability exists on rendering `TableBlock` blocks within a StreamField. A user with access to create or edit pages containing `TableBlock` StreamField blocks is able to set specially-crafted `class` attributes on the block which run arbitrary JavaScript code when the page is viewed. When viewed by a user with higher privileges, this could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites using TableBlock.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28222
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29604
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28222
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/commit/0375094bb57ce6e527005c2bb2e871dd20bca04d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/commit/0375094bb57ce6e527005c2bb2e871dd20bca04d
3
reference_url https://github.com/wagtail/wagtail/commit/4620423cb22c5253391a0f04178089c1162f6e2e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/commit/4620423cb22c5253391a0f04178089c1162f6e2e
4
reference_url https://github.com/wagtail/wagtail/commit/575c0d7c18c7716ed73f7a3c2720ad75956f0a85
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/commit/575c0d7c18c7716ed73f7a3c2720ad75956f0a85
5
reference_url https://github.com/wagtail/wagtail/commit/605a5569686565e035313222e1bc2f9802fbc55b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/commit/605a5569686565e035313222e1bc2f9802fbc55b
6
reference_url https://github.com/wagtail/wagtail/releases/tag/v6.3.8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/releases/tag/v6.3.8
7
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.0.6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.0.6
8
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.2.3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.2.3
9
reference_url https://github.com/wagtail/wagtail/releases/tag/v7.3.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/releases/tag/v7.3.1
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28222
reference_id CVE-2026-28222
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28222
11
reference_url https://github.com/advisories/GHSA-p5cm-246w-84jm
reference_id GHSA-p5cm-246w-84jm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p5cm-246w-84jm
12
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5cm-246w-84jm
reference_id GHSA-p5cm-246w-84jm
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:05:22Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5cm-246w-84jm
fixed_packages
0
url pkg:pypi/wagtail@6.3.8
purl pkg:pypi/wagtail@6.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-qf1m-zu2w-dbds
4
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.3.8
1
url pkg:pypi/wagtail@7.0.6
purl pkg:pypi/wagtail@7.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-qf1m-zu2w-dbds
4
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.6
2
url pkg:pypi/wagtail@7.2.3
purl pkg:pypi/wagtail@7.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-qf1m-zu2w-dbds
4
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.2.3
3
url pkg:pypi/wagtail@7.3.1
purl pkg:pypi/wagtail@7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-2upt-d3sg-ebea
2
vulnerability VCID-5p3e-kwee-ukfr
3
vulnerability VCID-qf1m-zu2w-dbds
4
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.1
aliases CVE-2026-28222, GHSA-p5cm-246w-84jm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prth-nf4k-nqe5
12
url VCID-qf1m-zu2w-dbds
vulnerability_id VCID-qf1m-zu2w-dbds
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44201
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02074
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44201
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:45:22Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44201
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44201
4
reference_url https://github.com/advisories/GHSA-p5gm-92h4-6pv6
reference_id GHSA-p5gm-92h4-6pv6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p5gm-92h4-6pv6
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44201, GHSA-p5gm-92h4-6pv6, PYSEC-2026-150
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qf1m-zu2w-dbds
13
url VCID-sfrz-j9f2-9qgj
vulnerability_id VCID-sfrz-j9f2-9qgj
summary In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is understood to be feasible on a local network, but not on the public internet. Privacy settings that restrict access to pages/documents on a per-user or per-group basis (as opposed to a shared password) are unaffected by this vulnerability. This has been patched in 2.7.3, 2.8.2, 2.9.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11037
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16683
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11037
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-153.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/wagtail/PYSEC-2020-153.yaml
2
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
3
reference_url https://github.com/wagtail/wagtail/commit/3c030490ed575bb9cd01dfb3a890477dcaeb2edf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/3c030490ed575bb9cd01dfb3a890477dcaeb2edf
4
reference_url https://github.com/wagtail/wagtail/commit/b76ab57ee859732b9cf9287d380493ab24061090
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/b76ab57ee859732b9cf9287d380493ab24061090
5
reference_url https://github.com/wagtail/wagtail/commit/ba9d424bd1ca5ce1910d3de74f5cc07214fbfb11
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/ba9d424bd1ca5ce1910d3de74f5cc07214fbfb11
6
reference_url https://github.com/wagtail/wagtail/commit/bac3cd0a26b023e595cf2959aae7da15bb5e4340
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/commit/bac3cd0a26b023e595cf2959aae7da15bb5e4340
7
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail/security/advisories/GHSA-jjjr-3jcw-f8v6
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11037
reference_id CVE-2020-11037
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
1
value 4.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11037
9
reference_url https://github.com/advisories/GHSA-jjjr-3jcw-f8v6
reference_id GHSA-jjjr-3jcw-f8v6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjjr-3jcw-f8v6
fixed_packages
0
url pkg:pypi/wagtail@2.7.3
purl pkg:pypi/wagtail@2.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-8jfe-n528-xuc2
6
vulnerability VCID-8k9y-g5uj-nfaz
7
vulnerability VCID-9u79-7g62-23dk
8
vulnerability VCID-btdp-8uac-rkhp
9
vulnerability VCID-cfkh-sdk4-3uan
10
vulnerability VCID-fr48-r964-g3aw
11
vulnerability VCID-pkcr-w2en-dufq
12
vulnerability VCID-prth-nf4k-nqe5
13
vulnerability VCID-qf1m-zu2w-dbds
14
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.7.3
1
url pkg:pypi/wagtail@2.8.2
purl pkg:pypi/wagtail@2.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-8jfe-n528-xuc2
6
vulnerability VCID-8k9y-g5uj-nfaz
7
vulnerability VCID-9u79-7g62-23dk
8
vulnerability VCID-btdp-8uac-rkhp
9
vulnerability VCID-cfkh-sdk4-3uan
10
vulnerability VCID-fr48-r964-g3aw
11
vulnerability VCID-pkcr-w2en-dufq
12
vulnerability VCID-prth-nf4k-nqe5
13
vulnerability VCID-qf1m-zu2w-dbds
14
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.8.2
2
url pkg:pypi/wagtail@2.9
purl pkg:pypi/wagtail@2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12d4-1bj5-2yb5
1
vulnerability VCID-1dyp-u5tf-mqhh
2
vulnerability VCID-2upt-d3sg-ebea
3
vulnerability VCID-5p3e-kwee-ukfr
4
vulnerability VCID-672q-fuy3-yqd1
5
vulnerability VCID-8jfe-n528-xuc2
6
vulnerability VCID-8k9y-g5uj-nfaz
7
vulnerability VCID-9u79-7g62-23dk
8
vulnerability VCID-btdp-8uac-rkhp
9
vulnerability VCID-cfkh-sdk4-3uan
10
vulnerability VCID-fr48-r964-g3aw
11
vulnerability VCID-pkcr-w2en-dufq
12
vulnerability VCID-prth-nf4k-nqe5
13
vulnerability VCID-qf1m-zu2w-dbds
14
vulnerability VCID-yvjp-hx9y-mkgf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@2.9
aliases CVE-2020-11037, GHSA-jjjr-3jcw-f8v6, PYSEC-2020-153
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sfrz-j9f2-9qgj
14
url VCID-yvjp-hx9y-mkgf
vulnerability_id VCID-yvjp-hx9y-mkgf
summary Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to into an area of the site they do. Once copied, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44200
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08279
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44200
1
reference_url https://github.com/wagtail/wagtail
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/wagtail/wagtail
2
reference_url https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:54:04Z/
url https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44200
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44200
4
reference_url https://github.com/advisories/GHSA-67rv-mg8q-5pf3
reference_id GHSA-67rv-mg8q-5pf3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-67rv-mg8q-5pf3
fixed_packages
0
url pkg:pypi/wagtail@7.0.7
purl pkg:pypi/wagtail@7.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.0.7
1
url pkg:pypi/wagtail@7.3.2
purl pkg:pypi/wagtail@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@7.3.2
aliases CVE-2026-44200, GHSA-67rv-mg8q-5pf3, PYSEC-2026-149
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yvjp-hx9y-mkgf
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@1.5