PyPI package
wiki
pkg:pypi/wiki
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-28865 | — | < 0.10.1 | 0.10.1 | Mar 18, 2024 | django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close o | ||
| CVE-2021-25986 | — | >= 0.0.20, < 0.7.9 | 0.7.9 | Nov 23, 2021 | In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the ap |
- CVE-2024-28865Mar 18, 2024affected < 0.10.1fixed 0.10.1
django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close o
- CVE-2021-25986Nov 23, 2021affected >= 0.0.20, < 0.7.9fixed 0.7.9
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the ap