CVE-2025-45388 Information

Description

Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface the payload executes.

Reference

https://github.com/echoBRT/Wagtail-CMS-XSS/