CVE-2009-0260

Published: 23/01/2009 Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin prior to 1.8.1 allow remote malicious users to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).

Vulnerable Product

moinmoin moinmoin 1.2.1

moinmoin moinmoin 1.5.1

moinmoin moinmoin 1.6.1

moinmoin moinmoin 1.5.4

moinmoin moinmoin 1.5.0

moinmoin moinmoin 1.0

moinmoin moinmoin 1.6

moinmoin moinmoin 1.5.5a

moinmoin moinmoin 0.3

moinmoin moinmoin 0.7

moinmoin moinmoin 1.7.0

moinmoin moinmoin 1.7.1

moinmoin moinmoin 1.5.7

moinmoin moinmoin 1.2.2

moinmoin moinmoin 1.1

moinmoin moinmoin 1.5.5

moinmoin moinmoin 1.5.2

moinmoin moinmoin 1.5.3_rc2

moinmoin moinmoin 0.1

moinmoin moinmoin 1.6.0

moinmoin moinmoin

moinmoin moinmoin 1.5.3_rc1

moinmoin moinmoin 1.6.2

moinmoin moinmoin 0.2

moinmoin moinmoin 0.10

moinmoin moinmoin 0.11

moinmoin moinmoin 1.6.3

moinmoin moinmoin 1.5.6

moinmoin moinmoin 0.9

moinmoin moinmoin 1.2

moinmoin moinmoin 1.5.5_rc1

moinmoin moinmoin 1.5.3

moinmoin moinmoin 0.8

moinmoin moinmoin 1.5.8

moinmoin moinmoin 1.7.2

moinmoin moinmoin 1.7.3

Vendor Advisories

Fernando Quintero discovered that MoinMoin did not properly sanitize its input when processing login requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the conte ...
Debian Bug report logs - #526594 CVE-2009-1482: cross-site scripting (XSS) issue. Package: moin; Maintainer for moin is Steve McIntyre <93sam@debian.org>; Reported by: Steffen Joeris <steffenjoeris@skolelinux.de>; Date: Sat, 2 May 2009 02:42:01 UTC; Severity: important; Tags: patch, security; Found in versions 171-3+ ...
Debian Bug report logs - #513158 CVE-2009-0260: Multiple cross-site scripting vulnerabilities. Package: python-moinmoin; Maintainer for python-moinmoin is Steve McIntyre <93sam@debian.org>; Source for python-moinmoin is src:moin (PTS, buildd, popcon); Reported by: Steffen Joeris <steffenjoeris@skolelinux.de>; Date: Mon ...
It was discovered that the AttachFile action in moin, a Python clone of WikiWiki, is prone to cross-site scripting attacks (CVE-2009-0260). Another cross-site scripting vulnerability was discovered in the antispam feature (CVE-2009-0312). For the stable distribution (etch) these problems have been fixed in version 153-12etch2. For the testing (l ...

Exploits

source: www.securityfocus.com/bid/33365/info. MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacke ...