PT-2010-2554 · Moinmoin · Moinmoin

Jamie Strandboge +1 · Published 2010-04-05 · Updated 2022-05-02 · CVE-2010-0828

CVSS v4.0: 4.8 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions: MoinMoin versions 1.8.7 through 1.9.2

Description: A cross-site scripting (XSS) vulnerability in the Despam action module (action/Despam.py) allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.

Recommendations: For versions 1.8.7 and 1.9.2, consider restricting access to the Despam action module until a patch is available. As a temporary workaround, avoid using the Despam action module in MoinMoin until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2010-0828
DSA-2024-1
GHSA-FC72-V54C-X9JG
PYSEC-2010-28

Affected Products

Moinmoin