Search criteria
3 vulnerabilities found for django-wiki by django-wiki_project
FKIE_CVE-2021-25986
Vulnerability from fkie_nvd - Published: 2021-11-23 20:15 - Updated: 2024-11-21 05:55
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript.
References
| URL | Tags | ||
|---|---|---|---|
| vulnerabilitylab@mend.io | https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5 | Patch, Third Party Advisory | |
| vulnerabilitylab@mend.io | https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| django-wiki_project | django-wiki | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:django-wiki_project:django-wiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F28B3AA6-B355-444E-A4F6-0514514F9ECF",
"versionEndIncluding": "0.7.8",
"versionStartIncluding": "0.0.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript."
},
{
"lang": "es",
"value": "En Django-wiki, versiones 0.0.20 a 0.7.8, son vulnerables a un ataque de tipo Cross-Site Scripting (XSS) Almacenado en la secci\u00f3n de notificaciones. Un atacante que tenga acceso a las p\u00e1ginas de edici\u00f3n puede inyectar una carga \u00fatil de JavaScript en el campo title. Cuando una v\u00edctima recibe una notificaci\u00f3n sobre los cambios realizados en la aplicaci\u00f3n, la carga \u00fatil en el panel de notificaciones se renderiza y carga JavaScript externo"
}
],
"id": "CVE-2021-25986",
"lastModified": "2024-11-21T05:55:44.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "vulnerabilitylab@mend.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-23T20:15:10.583",
"references": [
{
"source": "vulnerabilitylab@mend.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5"
},
{
"source": "vulnerabilitylab@mend.io",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986"
}
],
"sourceIdentifier": "vulnerabilitylab@mend.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "vulnerabilitylab@mend.io",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-25986 (GCVE-0-2021-25986)
Vulnerability from cvelistv5 – Published: 2021-11-23 19:17 – Updated: 2025-04-30 15:44
VLAI?
Summary
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Django-wiki | Django-wiki |
Affected:
0.0.20 , < unspecified
(custom)
Affected: unspecified , ≤ 0.7.8 (custom) |
Credits
WhiteSource Vulnerability Research Team (WVR)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:19.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25986",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:27:38.127674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:44:27.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Django-wiki",
"vendor": "Django-wiki",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0.0.20",
"versionType": "custom"
},
{
"lessThanOrEqual": "0.7.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"datePublic": "2021-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-23T19:17:08.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986"
}
],
"solutions": [
{
"lang": "en",
"value": "Update version to 0.7.9 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "2021-11-15T10:07:00.000Z",
"ID": "CVE-2021-25986",
"STATE": "PUBLIC",
"TITLE": "Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Django-wiki",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0.0.20"
},
{
"version_affected": "\u003c=",
"version_value": "0.7.8"
}
]
}
}
]
},
"vendor_name": "Django-wiki"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5",
"refsource": "MISC",
"url": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update version to 0.7.9 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2021-25986",
"datePublished": "2021-11-23T19:17:08.282Z",
"dateReserved": "2021-01-22T00:00:00.000Z",
"dateUpdated": "2025-04-30T15:44:27.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25986 (GCVE-0-2021-25986)
Vulnerability from nvd – Published: 2021-11-23 19:17 – Updated: 2025-04-30 15:44
VLAI?
Summary
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Django-wiki | Django-wiki |
Affected:
0.0.20 , < unspecified
(custom)
Affected: unspecified , ≤ 0.7.8 (custom) |
Credits
WhiteSource Vulnerability Research Team (WVR)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:19.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25986",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:27:38.127674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:44:27.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Django-wiki",
"vendor": "Django-wiki",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0.0.20",
"versionType": "custom"
},
{
"lessThanOrEqual": "0.7.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"datePublic": "2021-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-23T19:17:08.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986"
}
],
"solutions": [
{
"lang": "en",
"value": "Update version to 0.7.9 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "2021-11-15T10:07:00.000Z",
"ID": "CVE-2021-25986",
"STATE": "PUBLIC",
"TITLE": "Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Django-wiki",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0.0.20"
},
{
"version_affected": "\u003c=",
"version_value": "0.7.8"
}
]
}
}
]
},
"vendor_name": "Django-wiki"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5",
"refsource": "MISC",
"url": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update version to 0.7.9 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2021-25986",
"datePublished": "2021-11-23T19:17:08.282Z",
"dateReserved": "2021-01-22T00:00:00.000Z",
"dateUpdated": "2025-04-30T15:44:27.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}