PT-2009-3980 · Moinmoin · Moinmoin

Published

2009-04-29

Updated

2022-05-02

CVE-2009-1482

CVSS v4.0

5.3

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions: MoinMoin versions 1.8.2 and earlier

Description: The issue allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including an AttachFile sub-action in the error msg function or multiple vectors related to package file errors in the upload form function.

Recommendations: For MoinMoin versions 1.8.2 and earlier, consider disabling the action/AttachFile.py module until a patch is available. Restrict access to the upload form function to minimize the risk of exploitation. Avoid using the error msg function in the AttachFile sub-action until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2009-1482

DSA-1791-1

GHSA-4PFG-2FRF-F67V

PYSEC-2009-6

Affected Products

Moinmoin

PT-2009-3980 · Moinmoin · Moinmoin

CVE-2009-1482

Weakness Enumeration

Related Identifiers

Affected Products

References · 21