Suggestions search

Untriaged

Filter by:

With package: python314Packages.wagtail-modeladmin

Found 3 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-28223

6.1 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 1 month, 2 weeks ago Activity log

Created suggestion 1 month, 2 weeks ago

Wagtail: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface

Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on confirmation messages within the wagtail.contrib.simple_translation module. A user with access to the Wagtail admin area may create a page with a specially-crafted title which, when another user performs the "Translate" action, causes arbitrary JavaScript code to run. This could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been patched in versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1.

References

https://github.com/wagtail/wagtail/security/advisories/GHSA-p4v8-rw59-93cq x_refsource_CONFIRM
https://github.com/wagtail/wagtail/commit/1c6f2effed68f4ccad6fbd07987e03641505f863 x_refsource_MISC
https://github.com/wagtail/wagtail/commit/ba70244d376a7b1bd180ded03e827917ff410c19 x_refsource_MISC
https://github.com/wagtail/wagtail/commit/d8c5900982df8ed5938ad993aa9ff69cda50f80c x_refsource_MISC
https://github.com/wagtail/wagtail/commit/ee39d39deeb7f250fe886417b24802d7e05b1143 x_refsource_MISC
https://github.com/wagtail/wagtail/releases/tag/v6.3.8 x_refsource_MISC
https://github.com/wagtail/wagtail/releases/tag/v7.0.6 x_refsource_MISC
https://github.com/wagtail/wagtail/releases/tag/v7.2.3 x_refsource_MISC
https://github.com/wagtail/wagtail/releases/tag/v7.3.1 x_refsource_MISC

Affected products

wagtail

==>= 6.4rc1, < 7.0.6
==>= 7.3rc1, < 7.3.1
==< 6.3.8
==>= 7.1rc1, < 7.2.3

Matching in nixpkgs

pkgs.python312Packages.wagtail

Django content management system focused on flexibility and user experience

nixos-25.11 7.2.2
- nixos-25.11-small 7.2.2
- nixpkgs-25.11-darwin 7.2.2

pkgs.python313Packages.wagtail

Django content management system focused on flexibility and user experience

nixos-unstable 7.3
- nixpkgs-unstable 7.3
- nixos-unstable-small 7.3
nixos-25.11 7.2.2
- nixos-25.11-small 7.2.2
- nixpkgs-25.11-darwin 7.2.2

pkgs.python314Packages.wagtail

Django content management system focused on flexibility and user experience

nixos-unstable 7.3
- nixpkgs-unstable 7.3
- nixos-unstable-small 7.3

pkgs.python312Packages.wagtail-localize

Translation plugin for Wagtail CMS

nixos-25.11 1.12.2
- nixos-25.11-small 1.12.2
- nixpkgs-25.11-darwin 1.12.2

pkgs.python313Packages.wagtail-localize

Translation plugin for Wagtail CMS

nixos-unstable 1.13
- nixpkgs-unstable 1.13
- nixos-unstable-small 1.13
nixos-25.11 1.12.2
- nixos-25.11-small 1.12.2
- nixpkgs-25.11-darwin 1.12.2

pkgs.python314Packages.wagtail-localize

Translation plugin for Wagtail CMS

nixos-unstable 1.13
- nixpkgs-unstable 1.13
- nixos-unstable-small 1.13

pkgs.python312Packages.wagtail-factories

Factory boy classes for wagtail

nixos-25.11 4.3.0
- nixos-25.11-small 4.3.0
- nixpkgs-25.11-darwin 4.3.0

pkgs.python313Packages.wagtail-factories

Factory boy classes for wagtail

nixos-unstable 4.4.0
- nixpkgs-unstable 4.4.0
- nixos-unstable-small 4.4.0
nixos-25.11 4.3.0
- nixos-25.11-small 4.3.0
- nixpkgs-25.11-darwin 4.3.0

pkgs.python314Packages.wagtail-factories

Factory boy classes for wagtail

nixos-unstable 4.4.0
- nixpkgs-unstable 4.4.0
- nixos-unstable-small 4.4.0

pkgs.python312Packages.wagtail-modeladmin

Add any model in your project to the Wagtail admin. Formerly wagtail.contrib.modeladmin

nixos-25.11 2.2.0
- nixos-25.11-small 2.2.0
- nixpkgs-25.11-darwin 2.2.0

pkgs.python313Packages.wagtail-modeladmin

Add any model in your project to the Wagtail admin. Formerly wagtail.contrib.modeladmin

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0
nixos-25.11 2.2.0
- nixos-25.11-small 2.2.0
- nixpkgs-25.11-darwin 2.2.0

pkgs.python314Packages.wagtail-modeladmin

Add any model in your project to the Wagtail admin. Formerly wagtail.contrib.modeladmin

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0

Package maintainers

@sephii Sylvain Fankhauser <sephi@fhtagn.top>

Permalink CVE-2026-28222

6.1 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 1 month, 2 weeks ago Activity log

Created suggestion 1 month, 2 weeks ago

Wagtail: Improper escaping of HTML (Cross-site Scripting) on TableBlock class attributes

Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on rendering TableBlock blocks within a StreamField. A user with access to create or edit pages containing TableBlock StreamField blocks is able to set specially-crafted class attributes on the block which run arbitrary JavaScript code when the page is viewed. When viewed by a user with higher privileges, this could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites using TableBlock. This issue has been patched in versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1.

References

https://github.com/wagtail/wagtail/security/advisories/GHSA-p5cm-246w-84jm x_refsource_CONFIRM
https://github.com/wagtail/wagtail/commit/0375094bb57ce6e527005c2bb2e871dd20bca04d x_refsource_MISC
https://github.com/wagtail/wagtail/commit/4620423cb22c5253391a0f04178089c1162f6e2e x_refsource_MISC
https://github.com/wagtail/wagtail/commit/575c0d7c18c7716ed73f7a3c2720ad75956f0a85 x_refsource_MISC
https://github.com/wagtail/wagtail/commit/605a5569686565e035313222e1bc2f9802fbc55b x_refsource_MISC
https://github.com/wagtail/wagtail/releases/tag/v6.3.8 x_refsource_MISC
https://github.com/wagtail/wagtail/releases/tag/v7.0.6 x_refsource_MISC
https://github.com/wagtail/wagtail/releases/tag/v7.2.3 x_refsource_MISC
https://github.com/wagtail/wagtail/releases/tag/v7.3.1 x_refsource_MISC

Affected products

wagtail

==>= 7.1rc1, < 7.2.3
==>= 6.4rc1, < 7.0.6
==< 6.3.8
==>= 7.3rc1, < 7.3.1

Matching in nixpkgs

pkgs.python312Packages.wagtail

Django content management system focused on flexibility and user experience

nixos-25.11 7.2.2
- nixos-25.11-small 7.2.2
- nixpkgs-25.11-darwin 7.2.2

pkgs.python313Packages.wagtail

Django content management system focused on flexibility and user experience

nixos-unstable 7.3
- nixpkgs-unstable 7.3
- nixos-unstable-small 7.3
nixos-25.11 7.2.2
- nixos-25.11-small 7.2.2
- nixpkgs-25.11-darwin 7.2.2

pkgs.python314Packages.wagtail

Django content management system focused on flexibility and user experience

nixos-unstable 7.3
- nixpkgs-unstable 7.3
- nixos-unstable-small 7.3

pkgs.python312Packages.wagtail-localize

Translation plugin for Wagtail CMS

nixos-25.11 1.12.2
- nixos-25.11-small 1.12.2
- nixpkgs-25.11-darwin 1.12.2

pkgs.python313Packages.wagtail-localize

Translation plugin for Wagtail CMS

nixos-unstable 1.13
- nixpkgs-unstable 1.13
- nixos-unstable-small 1.13
nixos-25.11 1.12.2
- nixos-25.11-small 1.12.2
- nixpkgs-25.11-darwin 1.12.2

pkgs.python314Packages.wagtail-localize

Translation plugin for Wagtail CMS

nixos-unstable 1.13
- nixpkgs-unstable 1.13
- nixos-unstable-small 1.13

pkgs.python312Packages.wagtail-factories

Factory boy classes for wagtail

nixos-25.11 4.3.0
- nixos-25.11-small 4.3.0
- nixpkgs-25.11-darwin 4.3.0

pkgs.python313Packages.wagtail-factories

Factory boy classes for wagtail

nixos-unstable 4.4.0
- nixpkgs-unstable 4.4.0
- nixos-unstable-small 4.4.0
nixos-25.11 4.3.0
- nixos-25.11-small 4.3.0
- nixpkgs-25.11-darwin 4.3.0

pkgs.python314Packages.wagtail-factories

Factory boy classes for wagtail

nixos-unstable 4.4.0
- nixpkgs-unstable 4.4.0
- nixos-unstable-small 4.4.0

pkgs.python312Packages.wagtail-modeladmin

Add any model in your project to the Wagtail admin. Formerly wagtail.contrib.modeladmin

nixos-25.11 2.2.0
- nixos-25.11-small 2.2.0
- nixpkgs-25.11-darwin 2.2.0

pkgs.python313Packages.wagtail-modeladmin

Add any model in your project to the Wagtail admin. Formerly wagtail.contrib.modeladmin

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0
nixos-25.11 2.2.0
- nixos-25.11-small 2.2.0
- nixpkgs-25.11-darwin 2.2.0

pkgs.python314Packages.wagtail-modeladmin

Add any model in your project to the Wagtail admin. Formerly wagtail.contrib.modeladmin

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0

Package maintainers

@sephii Sylvain Fankhauser <sephi@fhtagn.top>

Permalink CVE-2026-25517

created 2 months, 2 weeks ago Activity log

Created suggestion 2 months, 2 weeks ago

Wagtail has improper permission handling on admin preview endpoints

Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data of the user's choosing. The existing data of the object itself is not exposed, but depending on the nature of the template being rendered, this may expose other database contents that would otherwise only be accessible to users with edit access over the model. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been patched in versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3.