PT-2010-4053 · Moinmoin · Moinmoin
Published
2010-08-04
·
Updated
2022-05-17
·
CVE-2010-2487
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions
MoinMoin versions 1.7.3 and earlier
MoinMoin versions 1.8.x before 1.8.8
MoinMoin versions 1.9.x before 1.9.3
Description
Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via crafted content. The issue is related to several files, including
Page.py, PageEditor.py, PageGraphicalEditor.py, action/CopyPage.py, action/Load.py, action/RenamePage.py, action/backup.py, action/login.py, action/newaccount.py, and action/recoverpass.py.Recommendations
For MoinMoin versions 1.7.3 and earlier, update to version 1.7.4 or later.
For MoinMoin versions 1.8.x before 1.8.8, update to version 1.8.8 or later.
For MoinMoin versions 1.9.x before 1.9.3, update to version 1.9.3 or later.
As a temporary workaround, consider restricting access to the vulnerable files until a patch is available.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moinmoin