wagtail@6.3.7

A Django content management system.

  • latest version

    7.4.1

  • latest non vulnerable version

  • first published

    12 years ago

  • latest version published

    10 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the wagtail package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Improper Handling of Insufficient Permissions or Privileges

    wagtail is an open source content management system built on Django.

    Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via revision comparisons. An attacker can gain unauthorized access to sensitive information by supplying the primary keys of two revisions to which they do not have edit permissions.

    How to fix Improper Handling of Insufficient Permissions or Privileges?

    Upgrade wagtail to version 7.0.7, 7.3.2, 7.4 or higher.

    [,7.0.7) [7.1rc1,7.3.2) [7.4rc1,7.4)
    • M
    Improper Handling of Insufficient Permissions or Privileges

    Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the API for documents and images. A user with access to the API can access filenames and names of items in private collections by querying the API.

    How to fix Improper Handling of Insufficient Permissions or Privileges?

    Upgrade wagtail to version 7.0.7, 7.3.2, 7.4 or higher.

    [,7.0.7) [7.1rc1,7.3.2) [7.4rc1,7.4)
    • M
    Improper Handling of Insufficient Permissions or Privileges

    Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges when viewing page history. A user without edit permissions on a given page can access the history report for that page.

    How to fix Improper Handling of Insufficient Permissions or Privileges?

    Upgrade wagtail to version 7.0.7, 7.3.2, 7.4 or higher.

    [,7.0.7) [7.1rc1,7.3.2) [7.4rc1,7.4)
    • H
    Improper Handling of Insufficient Permissions or Privileges

    Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges on page copy. An attacker can gain unauthorized access to restricted page content by copying pages from areas they do not have permission to access into areas where they do have access.

    How to fix Improper Handling of Insufficient Permissions or Privileges?

    Upgrade wagtail to version 7.0.7, 7.3.2, 7.4 or higher.

    [,7.0.7) [7.1rc1,7.3.2) [7.4rc1,7.4)
    • M
    Improper Handling of Insufficient Permissions or Privileges

    Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges in the deletion of form submissions. A user can remove other users' form submissions without proper authorization by sending malicious requests.

    Note: This is only exploitable if the attacker has access to the admin interface.

    How to fix Improper Handling of Insufficient Permissions or Privileges?

    Upgrade wagtail to version 7.0.7, 7.3.2, 7.4 or higher.

    [,7.0.7) [7.1rc1,7.3.2) [7.4rc1,7.4)
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the TableBlock class attributes. A user with access to create or edit pages containing TableBlock StreamField blocks in the admin interface can execute arbitrary JavaScript code in the context of a higher-privileged user by crafting malicious class attributes, which are rendered when the page is viewed by an authenticated user with sufficient privileges.

    How to fix Cross-site Scripting (XSS)?

    Upgrade wagtail to version 6.3.8, 7.0.6, 7.2.3, 7.3.1 or higher.

    [,6.3.8) [6.4rc1,7.0.6) [7.1rc1,7.2.3) [7.3rc1,7.3.1)
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the wagtail.contrib.simple_translation module. A user with access to the admin area can execute arbitrary JavaScript code in the context of another user's session by creating a specially crafted page title and having another authenticated user perform the "Translate" action in the admin interface. This may allow the attacker to perform actions with the victim's credentials.

    How to fix Cross-site Scripting (XSS)?

    Upgrade wagtail to version 6.3.8, 7.0.6, 7.2.3, 7.3.1 or higher.

    [,6.3.8) [6.4rc1,7.0.6) [7.1rc1,7.2.3) [7.3rc1,7.3.1)