Lucene search

GitHub Advisory DatabaseGHSA-Q7Q4-5G8P-33FQ

HistoryMay 01, 2022 - 11:59 p.m.

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

2022-05-0123:59:36

CWE-79

GitHub Advisory Database

github.com

moinmoin

xss

vulnerabilities

advancedsearch.py

remote attackers

web script

html

unspecified vectors

software

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.014

Percentile

86.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Vulners

Node

moinMatch1.7.0

moinRange≤1.6.3

VendorProductVersionCPE
*moin1.7.0cpe:2.3:a:*:moin:1.7.0:*:*:*:*:*:*:*
*moin*cpe:2.3:a:*:moin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	moin	1.7.0	cpe:2.3:a::moin:1.7.0:::::::
*	moin	*	cpe:2.3:a::moin::::::::*

References

moinmo.in/SecurityFixes

secunia.com/advisories/31135

www.securityfocus.com/bid/30297

www.vupen.com/english/advisories/2008/2147/references

exchange.xforce.ibmcloud.com/vulnerabilities/43899

github.com/advisories/GHSA-q7q4-5g8p-33fq

nvd.nist.gov/vuln/detail/CVE-2008-3381

web.archive.org/web/20090522153829/hg.moinmo.in/moin/1.7/raw-file/1.7.1/docs/CHANGES

web.archive.org/web/20100207003615/hg.moinmo.in/moin/1.6/raw-file/1.6.4/docs/CHANGES

web.archive.org/web/20100608030052/hg.moinmo.in/moin/1.6/rev/8686a10f1f58

web.archive.org/web/20100608030059/hg.moinmo.in/moin/1.7/rev/383196922b03

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.014

Percentile

86.7%

JSON

Related for GHSA-Q7Q4-5G8P-33FQ