moinmoin -- multiple cross site scripting vulnerabilities

2009-01-21T00:00:00
ID FC4D0AE8-3FA3-11DE-A3FD-0030843D3802
Type freebsd
Reporter FreeBSD
Modified 2009-01-21T00:00:00

Description

Secunia reports:

Some vulnerabilities have been reported in MoinMoin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to multiple parameters in action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Certain input passed to security/antispam.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.