PRIOn knowledge basePRION:CVE-2010-2487Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809
hg.moinmo.in/moin/1.7/rev/37306fba2189
hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES
hg.moinmo.in/moin/1.8/rev/4238b0c90871
hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES
hg.moinmo.in/moin/1.9/rev/68ba3cc79513
hg.moinmo.in/moin/1.9/rev/e50b087c4572
moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
moinmo.in/MoinMoinRelease1.8
moinmo.in/MoinMoinRelease1.9
moinmo.in/SecurityFixes
secunia.com/advisories/40836
www.debian.org/security/2010/dsa-2083
www.securityfocus.com/bid/40549
www.vupen.com/english/advisories/2010/1981
marc.info/?l=oss-security&m=127799369406968&w=2
marc.info/?l=oss-security&m=127809682420259&w=2
Related
