Lucene search

K

GitHub Advisory DatabaseGHSA-7HJM-HQGJ-XV9F

HistoryMay 02, 2022 - 3:13 a.m.

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

2022-05-0203:13:51

CWE-79

GitHub Advisory Database

github.com

2

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.4%

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).

Affected configurations

Vulners

Node

moinRange<1.8.1

CPENameOperatorVersion
moinlt1.8.1

References

moinmo.in/SecurityFixes#moin1.8.1

osvdb.org/51485

secunia.com/advisories/33593

secunia.com/advisories/33716

secunia.com/advisories/33755

www.securityfocus.com/archive/1/500197/100/0/threaded

www.securityfocus.com/bid/33365

www.vupen.com/english/advisories/2009/0195

exchange.xforce.ibmcloud.com/vulnerabilities/48126

github.com/advisories/GHSA-7hjm-hqgj-xv9f

nvd.nist.gov/vuln/detail/CVE-2009-0260

usn.ubuntu.com/716-1

web.archive.org/web/20200228171520/hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1

www.debian.org/security/2009/dsa-1715

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.4%

Related for GHSA-7HJM-HQGJ-XV9F

prion2 debiancve2 nvd2 cvelist2 ubuntucve2 cve2 redhatcve1 nessus6 openvas20 freebsd2 debian2 osv2 github1 securityvulns2 fedora5 ubuntu1