Lucene search

GitHub Advisory DatabaseGHSA-M84W-VGWF-P893

HistoryMay 01, 2022 - 5:47 p.m.

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

2022-05-0117:47:36

CWE-79

GitHub Advisory Database

github.com

moinmoin

xss

vulnerabilities

remote attackers

web script

html

injection

page info

attachfile

renamepage

localsitemap

software

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.011

Percentile

84.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.

Affected configurations

Vulners

Node

moinRange<1.5.7

References

moinmoin.wikiwikiweb.de/MoinMoinRelease1.5/CHANGES

osvdb.org/31871

osvdb.org/31872

osvdb.org/31873

secunia.com/advisories/24096

secunia.com/advisories/24117

www.osvdb.org/31874

www.securityfocus.com/bid/22506

www.ubuntu.com/usn/usn-421-1

www.vupen.com/english/advisories/2007/0553

exchange.xforce.ibmcloud.com/vulnerabilities/32377

github.com/advisories/GHSA-m84w-vgwf-p893

nvd.nist.gov/vuln/detail/CVE-2007-0857

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.011

Percentile

84.8%

JSON

Related for GHSA-M84W-VGWF-P893