Published: 15/10/2018 Updated: 29/11/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin prior to 1.9.10 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moinmo moinmoin
opensuse leap 42.3
canonical ubuntu linux 14.04
canonical ubuntu linux 18.04
debian debian linux 8.0
debian debian linux 9.0
canonical ubuntu linux 16.04
opensuse leap 15.0

Debian Bug report logs - #910776 moin: CVE-2017-5934: XSS in GUI editor related code Package: src:moin; Maintainer for src:moin is Steve McIntyre <93sam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 11 Oct 2018 05:21:02 UTC Severity: serious Tags: patch, security, upstream Found in ve ...

MoinMoin could be made to expose sensitive information if it received a specially crafted input ...

Nitin Venkatesh discovered a cross-site scripting vulnerability in moin, a Python clone of WikiWiki A remote attacker can conduct cross-site scripting attacks via the GUI editor's link dialogue This only affects installations which have set up fckeditor (not enabled by default) For the stable distribution (stretch), this problem has been fixed i ...

CWE-79 https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024 http://moinmo.in/SecurityFixes http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html https://www.debian.org/security/2018/dsa-4318 https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html https://usn.ubuntu.com/3794-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910776 https://usn.ubuntu.com/3794-1/https://nvd.nist.gov

CVE-2017-5934

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect