Published: 13/02/2007 Updated: 15/11/2008

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moinmoin moinmoin 1.5.7

Debian Bug report logs - #411084 CVE-2007-0901,0902: XSS in debugging information Package: moin; Maintainer for moin is Steve McIntyre <93sam@debianorg>; Reported by: Kees Cook <kees@outfluxnet> Date: Thu, 15 Feb 2007 21:45:02 UTC Severity: grave Tags: patch, security Found in version 134-3 Fixed in version 15 ...

A flaw was discovered in MoinMoin’s debug reporting sanitizer which could lead to a cross-site scripting attack By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user’s authentication information for the domain where MoinMoin was hosted O ...

NVD-CWE-Other http://secunia.com/advisories/24138 http://www.ubuntu.com/usn/usn-423-1 http://www.securityfocus.com/bid/22515 http://secunia.com/advisories/24244 http://osvdb.org/33172 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=411084 https://usn.ubuntu.com/423-1/https://nvd.nist.gov

CVE-2007-0901

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect