moinmoin -- multiple cross site scripting vulnerabilities

2009-01-21T00:00:00
ID 6A523DBA-EEAB-11DD-AB4F-0030843D3802
Type freebsd
Reporter FreeBSD
Modified 2009-01-21T00:00:00

Description

Secunia reports:

Input passed to multiple parameters in action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Certain input passed to security/antispam.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.