CVE-2021-25986 MEDIUM

CVE-2021-25986: Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section

Vendor Django-Wiki
Product Django-wiki
Weakness CWE-79 · XSS
Published November 23, 2021
Last update April 30, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Django-wiki versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript.

Key dates

02 Disclosure timeline

November 23, 2021 CVE published
April 30, 2025 Record updated