Lucene search

GitHub Advisory DatabaseGHSA-775G-4482-PM94

HistoryMay 01, 2022 - 11:33 p.m.

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

2022-05-0123:33:02

CWE-79

GitHub Advisory Database

github.com

moinmoin

cross-site scripting (xss)

vulnerabilities

remote attackers

web script

html

attachfile.py

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.004

Percentile

74.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames. The issue was fixed on db212dfc58ef.

Affected configurations

Vulners

Node

moinRange≤1.5.8

VendorProductVersionCPE
*moin*cpe:2.3:a:*:moin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	moin	*	cpe:2.3:a::moin::::::::*

References

hg.moinmo.in/moin/1.5/rev/db212dfc58ef

secunia.com/advisories/28987

secunia.com/advisories/29010

secunia.com/advisories/29262

secunia.com/advisories/29444

secunia.com/advisories/33755

www.debian.org/security/2008/dsa-1514

www.gentoo.org/security/en/glsa/glsa-200803-27.xml

www.securityfocus.com/bid/27904

www.vupen.com/english/advisories/2008/0569/references

bugzilla.redhat.com/show_bug.cgi?id=432748

github.com/advisories/GHSA-775g-4482-pm94

nvd.nist.gov/vuln/detail/CVE-2008-0781

usn.ubuntu.com/716-1

www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.004

Percentile

74.0%

JSON

Related for GHSA-775G-4482-PM94