Lucene search

FreeBSD6A523DBA-EEAB-11DD-AB4F-0030843D3802

HistoryJan 21, 2009 - 12:00 a.m.

moinmoin -- multiple cross site scripting vulnerabilities

2009-01-2100:00:00

vuxml.freebsd.org

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.3%

JSON

Secunia reports:

Input passed to multiple parameters in action/AttachFile.py is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user’s
browser session in the context of an affected site.
Certain input passed to security/antispam.py is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user’s browser session in
the context of an affected site.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmoinmoin< 1.8.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	moinmoin	< 1.8.1	UNKNOWN

References

hg.moinmo.in/moin/1.8/file/c76d50dac855

hg.moinmo.in/moin/1.8/rev/89b91bf87dad

moinmo.in/SecurityFixes#moin1.8.1

secunia.com/advisories/33593/

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for 6A523DBA-EEAB-11DD-AB4F-0030843D3802