CVE-2010-0828

Published: 05/04/2010 Updated: 17/08/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.

Vulnerable Product

moinmo moinmoin 1.8.7

moinmo moinmoin 1.9.2

Vendor Advisories

Debian Bug report logs - #575995: XSS in Despam action (CVE-2010-0828). Package: moin; Maintainer for moin is Steve McIntyre <93sam@debian.org>; Reported by: Frank Lin PIAT <fpiat@klabs.be>; Date: Wed, 31 Mar 2010 07:18:02 UTC; Severity: normal; Found in versions 1.7.1-2, 1.5.3-1.2, 1.5.3-1.2etch2, 1.7.1-3+lenny3; Fixed ...
It was discovered that MoinMoin did not properly sanitize its input when processing Despam actions, resulting in cross-site scripting (XSS) vulnerabilities. If a privileged wiki user were tricked into performing the Despam action on a page with a crafted title, a remote attacker could exploit this to execute JavaScript code (CVE-2010-0828) ...
Jamie Strandboge discovered that moin, a Python clone of WikiWiki, does not sufficiently sanitize the page name in the "Despam" action, allowing remote attackers to perform cross-site scripting (XSS) attacks. In addition, this update fixes a minor issue in the "textcha" protection: it could be trivially bypassed by blanking the "textcha-question" and " ...