PYSEC-2021-850
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/wiki/PYSEC-2021-850.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2021-850
- Aliases
- Published
- 2021-11-23T20:15:00Z
- Modified
- 2023-11-01T04:54:50.075303Z
- Summary
- [none]
- Details
-
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript.
- References
Affected packages
PyPI / wiki
Package
- Name
- wiki
- View open source insights on deps.dev
- Purl
- pkg:pypi/wiki
Affected ranges
- Type
- GIT
- Repo
- https://github.com/django-wiki/django-wiki
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0.0.20Fixed0.7.9
Affected versions
0.*
0.0.20
0.0.21
0.0.22
0.0.23
0.0.24
0.0.24.1
0.0.24.2
0.0.24.3
0.0.24.4
0.0.24.4.post1
0.1.dev20160119155955
0.1b0
0.1
0.1.1
0.1.2
0.2b1
0.2b2
0.2
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3b1
0.3b2
0.3b3
0.3b4
0.3rc1
0.3
0.3.1
0.4a1
0.4a2
0.4a3
0.4a4
0.4a5
0.4b1
0.4b2
0.4b3
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.5.dev20181021091629
0.5
0.6b1
0.6b2
0.6
0.7
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8