CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
79.8%
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py
in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary
web script or HTML via (1) an AttachFile sub-action in the error_msg
function or (2) multiple vectors related to package file errors in the
upload_form function, different vectors than CVE-2009-0260.
Author | Note |
---|---|
mdeslaur | debian says etch is not affected, as the XSS vulns are already fixed. I checked dapper and hardy and they don’t seem affected either. |