GitHub Advisory Database: GHSA-7HJM-HQGJ-XV9F
May 02, 2022 - 3:13 a.m.

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

2022-05-02 03:13:51
CWE-79
GitHub Advisory Database
github.com
Tags: moinmoin, cross-site scripting, xss, vulnerabilities, attachfile, remote attackers, web script, html, wikisandbox, rename parameter, drawing parameter, basename variable, software

CVSS2: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AI Score: 6.1
Confidence: High

EPSS: 0.007
Percentile: 79.8%

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).

Affected configurations

Vulners
Node: moin
Range: <1.8.1
Vendor: *
Product: moin
Version: *
CPE: cpe:2.3:a:*:moin:*:*:*:*:*:*:*:*
