mirror of
https://github.com/wagtail/wagtail.git
synced 2024-11-30 19:20:56 +01:00
11 lines
748 B
ReStructuredText
11 lines
748 B
ReStructuredText
|
===========================
|
||
|
Wagtail 2.7.2 release notes
|
||
|
===========================
|
||
|
|
||
|
CVE-2020-11001: Possible XSS attack via page revision comparison view
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
|
||
|
This release addresses a cross-site scripting (XSS) vulnerability on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.
|
||
|
|
||
|
Many thanks to Vlad Gerasimenko for reporting this issue.
|