Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-4PFG-2FRF-F67V
HistoryMay 02, 2022 - 3:25 a.m.

MoinMoin Cross-site Scripting (XSS) vulnerability

2022-05-0203:25:39
CWE-79
GitHub Advisory Database
github.com
5
moinmoin
cross-site scripting
attachfile.py
vulnerability
remote attackers
html
cve-2009-0260

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.007

Percentile

79.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.

Affected configurations

Vulners
Node
moinRange<1.8.3
VendorProductVersionCPE
*moin*cpe:2.3:a:*:moin:*:*:*:*:*:*:*:*

Related

openvas 27
osv 2
nvd 2
prion 2
cvelist 2
debiancve 2
cve 2
ubuntucve 2
redhatcve 1
exploitdb 1
nessus 9
ubuntu 2
debian 3
freebsd 3
github 1
securityvulns 2
fedora 5
openvas
openvas
FreeBSD Ports: moinmoin
2009-05-20 00:00:00
FreeBSD Ports: moinmoin
2009-05-20 00:00:00
Ubuntu: Security Advisory (USN-774-1)
2009-06-05 00:00:00
osv
osv
PYSEC-2009-6
2009-04-29 18:30:00
moin - insufficient input sanitising
2009-01-29 00:00:00
nvd
nvd
CVE-2009-1482
2009-04-29 18:30:00
CVE-2009-0260
2009-01-23 19:00:05
prion
prion
Cross site scripting
2009-04-29 18:30:00
Cross site scripting
2009-01-23 19:00:00
cvelist
cvelist
CVE-2009-1482
2009-04-29 18:06:00
CVE-2009-0260
2009-01-23 18:38:00
debiancve
debiancve
CVE-2009-1482
2009-04-29 18:30:00
CVE-2009-0260
2009-01-23 19:00:05
cve
cve
CVE-2009-1482
2009-04-29 18:30:00
CVE-2009-0260
2009-01-23 19:00:05
ubuntucve
ubuntucve
CVE-2009-1482
2009-04-29 00:00:00
CVE-2009-0260
2009-01-23 00:00:00
redhatcve
redhatcve
CVE-2009-0260
2019-10-04 21:09:02
exploitdb
exploitdb
MoinMoin 1.8 - &#039;AttachFile.py&#039; Cross-Site Scripting
2009-01-20 00:00:00
nessus
nessus
Debian DSA-1791-1 : moin - insufficient input sanitising
2009-05-07 00:00:00
FreeBSD : moinmoin -- XSS vulnerabilities (bfe218a5-4218-11de-b67a-0030843d3802)
2009-05-18 00:00:00
Ubuntu 8.10 / 9.04 : moin vulnerability (USN-774-1)
2009-05-12 00:00:00
ubuntu
ubuntu
MoinMoin vulnerability
2009-05-11 00:00:00
MoinMoin vulnerabilities
2009-01-30 00:00:00
debian
debian
[SECURITY] [DSA 1791-1] New moin packages fix cross-site scripting
2009-05-06 11:41:28
[SECURITY] [DSA 1715-1] New moin packages fix insufficient input sanitising
2009-01-29 07:14:15
[SECURITY] [DSA 1715-1] New moin packages fix insufficient input sanitising
2009-01-29 07:14:15
freebsd
freebsd
moinmoin -- cross-site scripting vulnerabilities
2009-04-21 00:00:00
moinmoin -- multiple cross site scripting vulnerabilities
2009-01-21 00:00:00
moinmoin -- multiple cross site scripting vulnerabilities
2009-01-21 00:00:00
github
github
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
2022-05-02 03:13:51
securityvulns
securityvulns
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2009-01-31 00:00:00
[SECURITY] [DSA 1715-1] New moin packages fix insufficient input sanitising
2009-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: moin-1.6.4-2.fc9
2009-06-18 11:43:30
[SECURITY] Fedora 10 Update: moin-1.6.4-1.fc10
2009-04-22 01:12:01
[SECURITY] Fedora 9 Update: moin-1.6.4-1.fc9
2009-04-22 01:04:22

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.007

Percentile

79.8%

JSON
Related for GHSA-4PFG-2FRF-F67V
openvas27osv2nvd2prion2cvelist2debiancve2cve2ubuntucve2redhatcve1exploitdb1nessus9ubuntu2debian3freebsd3github1securityvulns2fedora5