PT-2021-16909 · Unknown · Django-Wiki

Published: 2021-11-23 · Updated: 2021-12-02 · CVE-2021-25986

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Django-wiki versions 0.0.20 through 0.7.8

Description: The issue is a Stored Cross-Site Scripting (XSS) vulnerability in the Notifications Section. An attacker with edit access to a page can inject a JavaScript payload into the page's title field. When a victim receives a notification about changes to that page, the payload stored in the title is rendered in the notification panel without escaping and loads external JavaScript in the victim's browser.

Recommendations: For Django-wiki versions 0.0.20 through 0.7.8, consider disabling page editing until a patch is available, to prevent exploitation. Restrict access to the Notifications Section to minimize the risk of the payload being rendered. Avoid using the title field in notifications until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Related Identifiers

CVE-2021-25986
GHSA-3M3H-V9HV-9J4H
PYSEC-2021-850

Affected Products

Django-Wiki