FKIE_CVE-2025-45388

Vulnerability from fkie_nvd - Published: 2025-05-07 19:16 - Updated: 2025-05-09 14:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been well documented that when serving uploaded files using a method outside of Wagtail (which admittedly is the default), it requires additional configuration from the developer, because Wagtail cannot control how these are served. ... For example, if a Wagtail instance is configured to upload files into AWS S3, Wagtail cannot control the permissions on how they're served, nor any headers used when serving them (a limitation of S3)."
References
cve@mitre.orghttps://docs.wagtail.org/en/stable/deployment/under_the_hood.html#documents
cve@mitre.orghttps://github.com/echoBRT/Wagtail-CMS-XSS/
cve@mitre.orghttps://github.com/wagtail/wagtail/discussions/12617
cve@mitre.orghttps://github.com/wagtail/wagtail/pull/12672
cve@mitre.orghttps://github.com/wagtail/wagtail/wiki/Security-team
134c704f-9b21-4f2e-91b3-4a467353bcc0https://github.com/echoBRT/Wagtail-CMS-XSS/
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because \"It has been well documented that when serving uploaded files using a method outside of Wagtail (which admittedly is the default), it requires additional configuration from the developer, because Wagtail cannot control how these are served. ... For example, if a Wagtail instance is configured to upload files into AWS S3, Wagtail cannot control the permissions on how they\u0027re served, nor any headers used when serving them (a limitation of S3).\""
    },
    {
      "lang": "es",
      "value": "Wagtail CMS 6.4.1 es vulnerable a un ataque de Cross-Site Scripting (XSS) almacenado en la funci\u00f3n de carga de documentos. Los atacantes pueden inyectar c\u00f3digo malicioso en un archivo PDF. Cuando un usuario hace clic en el documento en la interfaz del CMS, se ejecuta el payload."
    }
  ],
  "id": "CVE-2025-45388",
  "lastModified": "2025-05-09T14:15:37.813",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-07T19:16:08.680",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://docs.wagtail.org/en/stable/deployment/under_the_hood.html#documents"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/echoBRT/Wagtail-CMS-XSS/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/wagtail/wagtail/discussions/12617"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/wagtail/wagtail/pull/12672"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/wagtail/wagtail/wiki/Security-team"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/echoBRT/Wagtail-CMS-XSS/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.