Lucene search

Ubuntu.comUB:CVE-2009-1482

HistoryApr 29, 2009 - 12:00 a.m.

CVE-2009-1482

2009-04-2900:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py
in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary
web script or HTML via (1) an AttachFile sub-action in the error_msg
function or (2) multiple vectors related to package file errors in the
upload_form function, different vectors than CVE-2009-0260.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526594>

Notes

Author	Note
mdeslaur	debian says etch is not affected, as the XSS vulns are already fixed. I checked dapper and hardy and they don’t seem affected either.

OSVersionArchitecturePackageVersionFilename
ubuntu8.10noarchmoin< 1.7.1-1ubuntu1.2UNKNOWN
ubuntu9.04noarchmoin< 1.8.2-2ubuntu2.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.10	noarch	moin	< 1.7.1-1ubuntu1.2	UNKNOWN
ubuntu	9.04	noarch	moin	< 1.8.2-2ubuntu2.1	UNKNOWN

References

moinmo.in/SecurityFixes

launchpad.net/bugs/cve/CVE-2009-1482

nvd.nist.gov/vuln/detail/CVE-2009-1482

security-tracker.debian.org/tracker/CVE-2009-1482

ubuntu.com/security/notices/USN-774-1

www.cve.org/CVERecord?id=CVE-2009-1482

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for UB:CVE-2009-1482