GitHub Advisory DatabaseGHSA-CX94-3H5X-CC57

HistoryMay 02, 2022 - 3:14 a.m.

MoinMoin Cross-site scripting (XSS) vulnerability in the antispam feature

2022-05-0203:14:13

CWE-79

GitHub Advisory Database

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.2%

JSON

Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.

Affected configurations

Vulners

Node

moinRange<1.8.2

CPENameOperatorVersion
moinlt1.8.2

CPE	Name	Operator	Version
	moin	lt	1.8.2

References

moinmo.in/SecurityFixes#moin1.8.1

osvdb.org/51632

secunia.com/advisories/33716

secunia.com/advisories/33755

www.openwall.com/lists/oss-security/2009/01/27/4

exchange.xforce.ibmcloud.com/vulnerabilities/48306

github.com/advisories/GHSA-cx94-3h5x-cc57

nvd.nist.gov/vuln/detail/CVE-2009-0312

usn.ubuntu.com/716-1

web.archive.org/web/20090323075215/hg.moinmo.in/moin/1.8/raw-file/1.8.2/docs/CHANGES

web.archive.org/web/20100825000634/hg.moinmo.in/moin/1.7/rev/89b91bf87dad

web.archive.org/web/20200228151935/hg.moinmo.in/moin/1.8/rev/89b91bf87dad

www.debian.org/security/2009/dsa-1715

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.2%

JSON

Related for GHSA-CX94-3H5X-CC57