CVE-2010-0828

Published: 05/04/2010 Updated: 17/08/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.

Vulnerable Product

moinmo moinmoin 1.8.7

moinmo moinmoin 1.9.2

Vendor Advisories

It was discovered that MoinMoin did not properly sanitize its input when processing Despam actions, resulting in cross-site scripting (XSS) vulnerabilities. If a privileged wiki user were tricked into performing the Despam action on a page with a crafted title, a remote attacker could exploit this to execute JavaScript code (CVE-2010-0828) ...

Debian Bug report logs - #575995: XSS in Despam action (CVE-2010-0828). Package: moin; Maintainer for moin is Steve McIntyre <93sam@debian.org>; Reported by: Frank Lin PIAT <fpiat@klabs.be>; Date: Wed, 31 Mar 2010 07:18:02 UTC; Severity: normal; Found in versions 171-2, 153-12, 153-12etch2, 171-3+lenny3; Fixed ...

Jamie Strandboge discovered that moin, a Python clone of WikiWiki, does not sufficiently sanitize the page name in "Despam" action, allowing remote attackers to perform cross-site scripting (XSS) attacks. In addition, this update fixes a minor issue in the "textcha" protection; it could be trivially bypassed by blanking the "textcha-question" and " ...