Lucene search

GitHub Advisory DatabaseGHSA-9GJ2-PH57-56F5

HistoryMay 01, 2022 - 5:47 p.m.

MoinMoin Cross-Site Scripting (XSS) vulnerability via hitcounts and general parameters

2022-05-0117:47:55

CWE-79

GitHub Advisory Database

github.com

moinmoin

cross-site scripting

xss

vulnerability

hitcounts

general parameters

info pages

remote attackers

arbitrary web script

html

cve-2007-0857

provenance

third party information

software

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.011

Percentile

84.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

Vulners

Node

moinRange≤1.5.7

VendorProductVersionCPE
*moin*cpe:2.3:a:*:moin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	moin	*	cpe:2.3:a::moin::::::::*

References

www.ubuntu.com/usn/usn-423-1

github.com/advisories/GHSA-9gj2-ph57-56f5

moinmo.in/MoinMoinRelease1.5/CHANGES

nvd.nist.gov/vuln/detail/CVE-2007-0901

web.archive.org/web/20070214032031/secunia.com/advisories/24138/

web.archive.org/web/20070227204439/secunia.com/advisories/24244/

web.archive.org/web/20080516214454/www.securityfocus.com/bid/22515

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.011

Percentile

84.8%

JSON

Related for GHSA-9GJ2-PH57-56F5