CVE-2021-25986 (GCVE-0-2021-25986)
Vulnerability from cvelistv5 – Published: 2021-11-23 19:17 – Updated: 2025-04-30 15:44
Summary
Django-wiki versions 0.0.20 to 0.7.8 are vulnerable to stored cross-site scripting (XSS) in the Notifications section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript.
Severity
5.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
Mend
References
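| URL | Tags |
|---|---|
| https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5 | x_refsource_MISC |
| https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986 | x_refsource_MISC |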
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Django-wiki | Django-wiki | Affected: 0.0.20 , < unspecified (custom); Affected: unspecified , ≤ 0.7.8 (custom) |
Credits
WhiteSource Vulnerability Research Team (WVR)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:19.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25986",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:27:38.127674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:44:27.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Django-wiki",
"vendor": "Django-wiki",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0.0.20",
"versionType": "custom"
},
{
"lessThanOrEqual": "0.7.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"datePublic": "2021-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-23T19:17:08.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986"
}
],
"solutions": [
{
"lang": "en",
"value": "Update version to 0.7.9 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "2021-11-15T10:07:00.000Z",
"ID": "CVE-2021-25986",
"STATE": "PUBLIC",
"TITLE": "Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Django-wiki",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0.0.20"
},
{
"version_affected": "\u003c=",
"version_value": "0.7.8"
}
]
}
}
]
},
"vendor_name": "Django-wiki"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5",
"refsource": "MISC",
"url": "https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update version to 0.7.9 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2021-25986",
"datePublished": "2021-11-23T19:17:08.282Z",
"dateReserved": "2021-01-22T00:00:00.000Z",
"dateUpdated": "2025-04-30T15:44:27.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}