GitHub Advisory DatabaseGHSA-5M2M-27CG-7V4VMoinMoin Cross-site Scripting (XSS) vulnerability
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.2%
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
Affected configurations
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809
hg.moinmo.in/moin/1.7/rev/37306fba2189
hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES
hg.moinmo.in/moin/1.8/rev/4238b0c90871
hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES
hg.moinmo.in/moin/1.9/rev/68ba3cc79513
hg.moinmo.in/moin/1.9/rev/e50b087c4572
marc.info/?l=oss-security&m=127799369406968&w=2
marc.info/?l=oss-security&m=127809682420259&w=2
moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
moinmo.in/MoinMoinRelease1.8
moinmo.in/MoinMoinRelease1.9
moinmo.in/SecurityFixes
www.debian.org/security/2010/dsa-2083
github.com/advisories/GHSA-5m2m-27cg-7v4v
nvd.nist.gov/vuln/detail/CVE-2010-2487
web.archive.org/web/20140801154518/secunia.com/advisories/40836
web.archive.org/web/20200228150629/www.securityfocus.com/bid/40549
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.2%