CVE-2026-28223
MED 6.1Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists on confirmation messages within the wagtail.contrib.simple_translation module. A user with access to the Wagtail admin area may create a page with a specially-crafted title which, when another user performs the "Translate" action, causes arbitrary JavaScript code to run. This could lead to performing actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been patched in versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1.
Affected Applications in Environment
8
orc
v0.4.31-8.el9
27 devices
orc
v0.4.26-1.el7
1 device
orc
v0.4.28-4.el8_10
3 devices
orc
v0.4.31-8.el9
1 device
orc
v0.4.28-4.el8_10
1 device
orc
v0.4.31-8.el9
2 devices
orc
v0.4.31-8.el9
1 device
orc
v0.4.28-3.el8
2 devices
Affected Devices
38
chela03
Linux
chela04
Linux
chela05
Linux
dpapsb-161390.aggies.usu.edu
Linux
dpapsb-191594.mypc.usu.edu
Linux
el103-02.ece.usu.edu
Linux
el103-03.ece.usu.edu
Linux
el103-04.ece.usu.edu
Linux
el103-05.ece.usu.edu
Linux
el103-07.ece.usu.edu
Linux
el103-08.ece.usu.edu
Linux
el103-09.ece.usu.edu
Linux
el103-10.ece.usu.edu
Linux
el103-14.ece.usu.edu
Linux
el103-15.ece.usu.edu
Linux
el103-16.ece.usu.edu
Linux
el103-17.ece.usu.edu
Linux
el103-18.ece.usu.edu
Linux
el103-19.ece.usu.edu
Linux
el103-20.ece.usu.edu
Linux
el120-01.ece.usu.edu
Linux
el120-02.ece.usu.edu
Linux
el120-03.ece.usu.edu
Linux
el120-04.ece.usu.edu
Linux
el120-05.ece.usu.edu
Linux
el120-06.ece.usu.edu
Linux
el120-08.ece.usu.edu
Linux
el120-09.ece.usu.edu
Linux
el120-10.ece.usu.edu
Linux
el120-11.ece.usu.edu
Linux
el120-12.ece.usu.edu
Linux
el120-14.ece.usu.edu
Linux
eprocdev.banner.usu.edu
Linux
facreadyprod.pplant.usu.edu
Linux
facreadytestrhel.pplant.usu.edu
Linux
facshibsp2.pplant.usu.edu
Linux
guru.cluster
Linux
paymentworksdev.banner.usu.edu
Linux
References
9
- https://github.com/wagtail/wagtail/commit/1c6f2effed68f4ccad6fbd07987e03641505f863
- https://github.com/wagtail/wagtail/commit/ba70244d376a7b1bd180ded03e827917ff410c19
- https://github.com/wagtail/wagtail/commit/d8c5900982df8ed5938ad993aa9ff69cda50f80c
- https://github.com/wagtail/wagtail/commit/ee39d39deeb7f250fe886417b24802d7e05b1143
- https://github.com/wagtail/wagtail/releases/tag/v6.3.8
- https://github.com/wagtail/wagtail/releases/tag/v7.0.6
- https://github.com/wagtail/wagtail/releases/tag/v7.2.3
- https://github.com/wagtail/wagtail/releases/tag/v7.3.1
- https://github.com/wagtail/wagtail/security/advisories/GHSA-p4v8-rw59-93cq