GSA_kwCzR0hTQS1majI2LXE0dmgtODVmNs4AAcB4

Moderate CVSS: 5.1 EPSS: 0.00287% (0.5184 Percentile) EPSS:

Permalink JSON

MoinMoin Cross-site Scripting (XSS) vulnerability

Affected Packages	Affected Versions	Fixed Versions
pypi:moin PURL: `pkg:pypi/moin`	= 1.9.8	1.9.9
0 Dependent packages 46 Dependent repositories 412 Downloads last month Affected Version Ranges All affected versions All unaffected versions 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9, 1.9.10, 1.9.11

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.

References:

Identifiers

GHSA-fj26-q4vh-85f6

CVE-2016-7146

Risk

Severity

Moderate

CVSS

CVSS Score: 5.1

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS

EPSS Percentage: 0.00287

EPSS Percentile: 0.5184

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 3 years ago

Updated

11 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories