wagtail is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to the ModelAdmin
views inside the admin interface, which allows an admin authenticated attacker to inject and execute arbitrary JavaScript into the browser.
docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview
docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview
github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62
github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713
github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af
github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91
github.com/wagtail/wagtail/releases/tag/v4.1.4
github.com/wagtail/wagtail/releases/tag/v4.2.2
github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2