Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone AGOPENVAS:1361412562310801307
HistoryApr 13, 2010 - 12:00 a.m.

MoinMoin 'Despam' Action Cross-Site Scripting Vulnerability

2010-04-1300:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
8

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

MoinMoin Wiki is prone to a cross-site scripting (XSS) vulnerability.

# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:moinmo:moinmoin";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.801307");
  script_version("2024-03-04T14:37:58+0000");
  script_cve_id("CVE-2010-0828");
  script_tag(name:"last_modification", value:"2024-03-04 14:37:58 +0000 (Mon, 04 Mar 2024)");
  script_tag(name:"creation_date", value:"2010-04-13 16:55:19 +0200 (Tue, 13 Apr 2010)");
  script_tag(name:"cvss_base", value:"3.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_name("MoinMoin 'Despam' Action Cross-Site Scripting Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_moinmoin_wiki_detect.nasl");
  script_mandatory_keys("moinmoinWiki/installed");

  script_xref(name:"URL", value:"http://moinmo.in/SecurityFixes");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/39110");
  script_xref(name:"URL", value:"http://secunia.com/advisories/39188");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=578801");
  script_xref(name:"URL", value:"http://comments.gmane.org/gmane.comp.security.oss.general/2773");

  script_tag(name:"impact", value:"Successful exploitation will allow attackers to execute arbitrary scripting
  code.");
  script_tag(name:"affected", value:"MoinMoin Wiki version 1.8.7 and 1.9.2");
  script_tag(name:"insight", value:"Input passed via the 'page' name which is not properly sanitising before being
  returned to the user in 'Despam.py'. This can be exploited to insert arbitrary
  HTML and script code, when the Despam functionality is used on a page with a
  specially crafted page name.");
  script_tag(name:"solution", value:"Upgrade MoinMoin Wiki 1.9.2-3 or latest.");
  script_tag(name:"summary", value:"MoinMoin Wiki is prone to a cross-site scripting (XSS) vulnerability.");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! vers = get_app_version( cpe:CPE, port:port ) )
  exit( 0 );

if( version_is_equal( version:vers, test_version:"1.8.7" ) ||
    version_is_equal( version:vers, test_version:"1.9.2" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"1.9.2-3" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Related

openvas 16
debian 2
osv 2
prion 1
cvelist 1
nessus 7
cve 1
ubuntucve 1
securityvulns 2
freebsd 1
github 1
fedora 5
debiancve 1
ubuntu 1
gentoo 1
openvas
openvas
Fedora Update for moin FEDORA-2010-9857
2010-06-18 00:00:00
Debian: Security Advisory (DSA-2024-1)
2023-03-08 00:00:00
Fedora Update for moin FEDORA-2010-6134
2010-04-09 00:00:00
debian
debian
[SECURITY] [DSA 2024-1] New moin packages fix cross-site scripting
2010-03-31 08:39:14
[SECURITY] [DSA 2024-1] New moin packages fix cross-site scripting
2010-03-31 08:39:02
osv
osv
PYSEC-2010-28
2010-04-05 15:30:00
moin - cross-site scripting
2010-03-31 00:00:00
prion
prion
Cross site scripting
2010-04-05 15:30:00
cvelist
cvelist
CVE-2010-0828
2010-04-05 15:15:00
nessus
nessus
Fedora 13 : moin-1.9.2-2.fc13 (2010-6180)
2010-07-01 00:00:00
FreeBSD : MoinMoin -- XSS vulnerabilities (4c017345-1d89-11e0-bbee-0014a5e3cda6)
2011-01-19 00:00:00
Fedora 12 : moin-1.8.7-2.fc12 (2010-6134)
2010-07-01 00:00:00
cve
cve
CVE-2010-0828
2010-04-05 15:30:00
ubuntucve
ubuntucve
CVE-2010-0828
2010-03-30 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2024-1] New moin packages fix cross-site scripting
2010-04-05 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-04-05 00:00:00
freebsd
freebsd
MoinMoin -- cross-site scripting vulnerabilities
2010-04-05 00:00:00
github
github
MoinMoin Cross-site Scripting (XSS) vulnerability
2022-05-02 06:15:57
fedora
fedora
[SECURITY] Fedora 13 Update: moin-1.9.2-2.fc13
2010-04-09 03:57:19
[SECURITY] Fedora 12 Update: moin-1.8.8-1.fc12
2010-06-14 17:17:58
[SECURITY] Fedora 12 Update: moin-1.8.7-2.fc12
2010-04-09 01:46:42
debiancve
debiancve
CVE-2010-0828
2010-04-05 15:30:00
ubuntu
ubuntu
MoinMoin vulnerabilities
2010-04-08 00:00:00
gentoo
gentoo
MoinMoin: Multiple vulnerabilities
2012-10-18 00:00:00

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON
Related for OPENVAS:1361412562310801307
openvas16debian2osv2prion1cvelist1nessus7cve1ubuntucve1securityvulns2freebsd1github1fedora5debiancve1ubuntu1gentoo1