CVE-2016-7148

Published: 10/11/2016 Updated: 01/02/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

MoinMoin 1.9.8 allows remote malicious users to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.

Vulnerable Product

moinmo moinmoin 1.9.8

Vendor Advisories

Several security issues were fixed in MoinMoin ...
Several cross-site scripting vulnerabilities were discovered in moin, a Python clone of WikiWiki. A remote attacker can conduct cross-site scripting attacks via the GUI editor's attachment dialogue (CVE-2016-7146), the AttachFile view (CVE-2016-7148) and the GUI editor's link dialogue (CVE-2016-9119). For the stable distribution (jessie), these pro ...
Debian Bug report logs - #844341 moin: CVE-2016-7148: XSS in AttachFile view (multifile related) Package: src:moin; Maintainer for src:moin is Steve McIntyre <93sam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 14 Nov 2016 15:51:01 UTC Severity: serious Tags: fixed-upstream, patch, sec ...
Debian Bug report logs - #844340 moin: CVE-2016-7146: XSS in GUI editor's attachment dialogue Package: src:moin; Maintainer for src:moin is Steve McIntyre <93sam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 14 Nov 2016 15:48:06 UTC Severity: serious Tags: fixed-upstream, patch, securi ...
Debian Bug report logs - #844338 moin: CVE-2016-9119: XSS in GUI editor's link dialogue Package: src:moin; Maintainer for src:moin is Steve McIntyre <93sam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 14 Nov 2016 15:48:02 UTC Severity: serious Tags: fixed-upstream, patch, security, up ...

Exploits

MoinMoin version 1.9.8 suffers from cross site scripting vulnerabilities ...