Vulnerabilities > Torchbox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-19 | CVE-2023-45809 | Information Exposure Through Log Files vulnerability in Torchbox Wagtail Wagtail is an open source content management system built on Django. | 2.7 |
| 2023-04-03 | CVE-2023-28837 | Allocation of Resources Without Limits or Throttling vulnerability in Torchbox Wagtail Wagtail is an open source content management system built on Django. | 4.9 |
| 2022-01-18 | CVE-2022-21683 | Information Exposure vulnerability in Torchbox Wagtail Wagtail is a Django based content management system focused on flexibility and user experience. | 4.0 |
| 2021-06-17 | CVE-2021-32681 | Cross-site Scripting vulnerability in Torchbox Wagtail Wagtail is an open source content management system built on Django. | 3.5 |
| 2021-04-19 | CVE-2021-29434 | Cross-site Scripting vulnerability in Torchbox Wagtail Wagtail is a Django content management system. | 3.5 |
| 2020-07-20 | CVE-2020-15118 | Cross-site Scripting vulnerability in Torchbox Wagtail In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the `wagtail.contrib.forms` app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be rendered unescaped in the page. | 3.5 |
| 2020-04-30 | CVE-2020-11037 | Race Condition vulnerability in Torchbox Wagtail 2.8/2.8.1 In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. | 1.9 |
| 2020-04-14 | CVE-2020-11001 | Cross-site Scripting vulnerability in Torchbox Wagtail In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. | 3.5 |