Alii76Tt

**Name of the Vulnerable Software and Affected Versions** Wagtail CMS version 6.4.1 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. **Recommendations** For Wagtail CMS version 6.4.1, as a temporary workaround, consider restricting the upload of PDF files or disabling the document upload functionality until a patch is available. Avoid using the affected document upload feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.