CVE-2007-0857

Published: 08/02/2007 Updated: 29/07/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin prior to 1.5.7 allow remote malicious users to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.

Vulnerable Product

moinmoin moinmoin 1.5.1

moinmoin moinmoin 1.5.2

moinmoin moinmoin 1.5.5a

moinmoin moinmoin

moinmoin moinmoin 1.5.3_rc2

moinmoin moinmoin 1.5.4

moinmoin moinmoin 1.5.0

moinmoin moinmoin 1.5.5

moinmoin moinmoin 1.5.5_rc1

moinmoin moinmoin 1.5.3

moinmoin moinmoin 1.5.3_rc1

Vendor Advisories

A flaw was discovered in MoinMoin’s page name sanitizer which could lead to a cross-site scripting attack. By tricking a user into viewing a crafted MoinMoin page, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user’s authentication information for the domain where MoinMoin was hosted ...
Debian Bug report logs - #411084: CVE-2007-0901,0902: XSS in debugging information. Package: moin; Maintainer for moin is Steve McIntyre <93sam@debianorg>; Reported by: Kees Cook <kees@outfluxnet>; Date: Thu, 15 Feb 2007 21:45:02 UTC; Severity: grave; Tags: patch, security; Found in version 134-3; Fixed in version 15 ...

Debian Bug report logs - #410338: CVE-2007-0857: pagename XSS. Package: moin; Maintainer for moin is Steve McIntyre <93sam@debianorg>; Reported by: Kees Cook <kees@outfluxnet>; Date: Fri, 9 Feb 2007 21:48:02 UTC; Severity: critical; Tags: fixed-upstream, patch, security, upstream; Merged with 410552; Found in version 1 ...