Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS04Zmo5LXBqNHAtNHZxN82ydA

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.
The issue has been fixed in d0152eeb4499 and 4ede07e792dd.

Permalink: https://github.com/advisories/GHSA-8fj9-pj4p-4vq7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04Zmo5LXBqNHAtNHZxN82ydA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 6 months ago


Identifiers: GHSA-8fj9-pj4p-4vq7, CVE-2008-1098
References:
Blast Radius: 0.0

Affected Packages

pypi:moin
Dependent packages: 0
Dependent repositories: 46
Downloads: 605 last month
Affected Version Ranges: <= 1.5.8
No known fixed version
All affected versions: