CVE-2010-2487

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.

References

http://www.vupen.com/english/advisories/2010/1981

http://www.debian.org/security/2010/dsa-2083

http://secunia.com/advisories/40836

http://moinmo.in/SecurityFixes

http://moinmo.in/MoinMoinRelease1.9

http://moinmo.in/MoinMoinRelease1.8

http://marc.info/?l=oss-security&m=127809682420259&w=2

http://marc.info/?l=oss-security&m=127799369406968&w=2

http://hg.moinmo.in/moin/1.9/rev/e50b087c4572

http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513

http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES

http://hg.moinmo.in/moin/1.8/rev/4238b0c90871

http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES

http://hg.moinmo.in/moin/1.7/rev/37306fba2189

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809

Details

Source: Mitre, NVD

Published: 2010-08-05

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: Medium