Lucene search

GitHub Advisory DatabaseGHSA-53WJ-6M7W-J6MJ

HistoryMay 01, 2022 - 11:33 p.m.

MoinMoin Cross-site scripting (XSS) vulnerability

2022-05-0123:33:02

CWE-79

GitHub Advisory Database

github.com

moinmoin

xss

vulnerability

remote attackers

web script

html

software

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.004

Percentile

74.0%

JSON

Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.

Affected configurations

Vulners

Node

moinRange<1.6.1

moinRange≤1.5.8

VendorProductVersionCPE
*moin*cpe:2.3:a:*:moin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	moin	*	cpe:2.3:a::moin::::::::*

References

hg.moinmo.in/moin/1.5/rev/2f952fa361c7

hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d

secunia.com/advisories/28987

secunia.com/advisories/29010

secunia.com/advisories/29262

secunia.com/advisories/29444

secunia.com/advisories/33755

www.debian.org/security/2008/dsa-1514

www.gentoo.org/security/en/glsa/glsa-200803-27.xml

www.securityfocus.com/bid/27904

www.vupen.com/english/advisories/2008/0569/references

bugzilla.redhat.com/show_bug.cgi?id=432747

github.com/advisories/GHSA-53wj-6m7w-j6mj

nvd.nist.gov/vuln/detail/CVE-2008-0780

usn.ubuntu.com/716-1

www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.004

Percentile

74.0%

JSON

Related for GHSA-53WJ-6M7W-J6MJ