GitHub Advisory DatabaseGHSA-5M2M-27CG-7V4VMoinMoin Cross-site Scripting (XSS) vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
81.2%
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
Affected configurations
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809
hg.moinmo.in/moin/1.7/rev/37306fba2189
hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES
hg.moinmo.in/moin/1.8/rev/4238b0c90871
hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES
hg.moinmo.in/moin/1.9/rev/68ba3cc79513
hg.moinmo.in/moin/1.9/rev/e50b087c4572
marc.info/?l=oss-security&m=127799369406968&w=2
marc.info/?l=oss-security&m=127809682420259&w=2
moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
moinmo.in/MoinMoinRelease1.8
moinmo.in/MoinMoinRelease1.9
moinmo.in/SecurityFixes
www.debian.org/security/2010/dsa-2083
github.com/advisories/GHSA-5m2m-27cg-7v4v
github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-16.yaml
nvd.nist.gov/vuln/detail/CVE-2010-2487
web.archive.org/web/20140801154518/secunia.com/advisories/40836
web.archive.org/web/20200228150629/www.securityfocus.com/bid/40549
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
81.2%