CVE-2010-2487

2010-08-0500:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and
earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers
to inject arbitrary web script or HTML via crafted content, related to (1)
Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4)
action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7)
action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10)
action/recoverpass.py.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809>

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchmoin< 1.5.2-1ubuntu2.7UNKNOWN
ubuntu8.04noarchmoin< 1.5.8-5.1ubuntu2.5UNKNOWN
ubuntu9.04noarchmoin< 1.8.2-2ubuntu2.5UNKNOWN
ubuntu9.10noarchmoin< 1.8.4-1ubuntu1.3UNKNOWN
ubuntu10.04noarchmoin< 1.9.2-2ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	moin	< 1.5.2-1ubuntu2.7	UNKNOWN
ubuntu	8.04	noarch	moin	< 1.5.8-5.1ubuntu2.5	UNKNOWN
ubuntu	9.04	noarch	moin	< 1.8.2-2ubuntu2.5	UNKNOWN
ubuntu	9.10	noarch	moin	< 1.8.4-1ubuntu1.3	UNKNOWN
ubuntu	10.04	noarch	moin	< 1.9.2-2ubuntu3.1	UNKNOWN