mirror of
https://github.com/wagtail/wagtail.git
synced 2024-11-24 19:17:48 +01:00
8e4a4fae5d
Fixes #8691 * Add dates to markdown based release notes * Add dates to rst based release notes
13 lines
766 B
ReStructuredText
13 lines
766 B
ReStructuredText
===========================
|
|
Wagtail 2.7.2 release notes
|
|
===========================
|
|
|
|
*April 14, 2020*
|
|
|
|
CVE-2020-11001: Possible XSS attack via page revision comparison view
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
This release addresses a cross-site scripting (XSS) vulnerability on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.
|
|
|
|
Many thanks to Vlad Gerasimenko for reporting this issue.
|