Lucene search
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2083.NASLHistoryAug 04, 2010 - 12:00 a.m.
Debian DSA-2083-1 : moin - missing input sanitization
2010-08-0400:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.2%
It was discovered that moin, a python clone of WikiWiki, does not sufficiently sanitize parameters when passing them to the add_msg function. This allows a remote attackers to conduct cross-site scripting (XSS) attacks for example via the template parameter.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2083. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(48240);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2010-2487", "CVE-2010-2969", "CVE-2010-2970");
script_bugtraq_id(40549);
script_xref(name:"DSA", value:"2083");
script_name(english:"Debian DSA-2083-1 : moin - missing input sanitization");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that moin, a python clone of WikiWiki, does not
sufficiently sanitize parameters when passing them to the add_msg
function. This allows a remote attackers to conduct cross-site
scripting (XSS) attacks for example via the template parameter."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2010/dsa-2083"
);
script_set_attribute(
attribute:"solution",
value:
"For the stable distribution (lenny), this problem has been fixed in
version 1.7.1-3+lenny5."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:moin");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
script_set_attribute(attribute:"patch_publication_date", value:"2010/08/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/04");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"5.0", prefix:"python-moinmoin", reference:"1.7.1-3+lenny5")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | moin | p-cpe:/a:debian:debian_linux:moin |
| debian | debian_linux | 5.0 | cpe:/o:debian:debian_linux:5.0 |
Related
openvas
openvas
MoinMoin 'PageEditor.py' Cross-Site Scripting Vulnerability
2010-07-05 00:00:00
Ubuntu Update for moin vulnerabilities USN-977-1
2010-08-30 00:00:00
Ubuntu: Security Advisory (USN-977-1)
2010-08-30 00:00:00
nessus
nessus
Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : moin vulnerabilities (USN-977-1)
2010-08-26 00:00:00
GLSA-201210-02 : MoinMoin: Multiple vulnerabilities
2012-10-19 00:00:00
MoinMoin PageEditor.py template Parameter XSS
2010-06-07 00:00:00
ubuntu
ubuntu
MoinMoin vulnerabilities
2010-08-25 00:00:00
securityvulns
securityvulns
[USN-977-1] MoinMoin vulnerabilities
2010-08-26 00:00:00
cve
cve
nvd
nvd
github
github
MoinMoin cross-site scripting (XSS) vulnerability
2022-05-17 05:49:23
MoinMoin cross-site scripting (XSS) vulnerability
2022-05-17 05:49:23
MoinMoin Cross-site Scripting (XSS) vulnerability
2022-05-17 05:49:23
prion
prion
Cross site scripting
2010-08-05 13:22:00
Cross site scripting
2010-08-05 13:22:00
Cross site scripting
2010-08-05 13:22:00
cvelist
cvelist
osv
osv
MoinMoin cross-site scripting (XSS) vulnerability
2022-05-17 05:49:23
PYSEC-2010-18
2010-08-05 13:22:00
MoinMoin cross-site scripting (XSS) vulnerability
2022-05-17 05:49:23
debiancve
debiancve
ubuntucve
ubuntucve
gentoo
gentoo
MoinMoin: Multiple vulnerabilities
2012-10-18 00:00:00
debian
debian
[SECURITY] [DSA 2083-1] New moin packages fix cross-site scripting
2010-08-02 19:09:12
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.2%
Related for DEBIAN_DSA-2083.NASL