3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
Jamie Strandboge discovered that moin, a python clone of WikiWiki, does
not sufficiently sanitize the page name in “Despam” action, allowing remote
attackers to perform cross-site scripting (XSS) attacks.
In addition, this update fixes a minor issue in the “textcha” protection, it
could be trivially bypassed by blanking the “textcha-question” and “textcha-answer”
form fields.
For the stable distribution (lenny), these problems have been fixed in
version 1.7.1-3+lenny4.
For the testing (squeeze) and unstable (sid) distribution, these problems
will be fixed soon.
We recommend that you upgrade your moin package.
CPE | Name | Operator | Version |
---|---|---|---|
moin | eq | 1.7.1-3+lenny1 | |
moin | eq | 1.7.1-3+lenny3 | |
moin | eq | 1.7.1-3+lenny2 |