GoogleOSV:PYSEC-2010-16PYSEC-2010-16
0.008 Low
EPSS
Percentile
81.2%
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809
hg.moinmo.in/moin/1.7/rev/37306fba2189
hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES
hg.moinmo.in/moin/1.8/rev/4238b0c90871
hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES
hg.moinmo.in/moin/1.9/rev/68ba3cc79513
hg.moinmo.in/moin/1.9/rev/e50b087c4572
marc.info/?l=oss-security&m=127799369406968&w=2
marc.info/?l=oss-security&m=127809682420259&w=2
moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
moinmo.in/MoinMoinRelease1.8
moinmo.in/MoinMoinRelease1.9
moinmo.in/SecurityFixes
secunia.com/advisories/40836
www.debian.org/security/2010/dsa-2083
www.securityfocus.com/bid/40549
www.vupen.com/english/advisories/2010/1981
Related
