XSS in Moinmo Moinmoin
CVE-2010-0828
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.006 (68.8th percentile) — read the EPSS interpretation.
Affected products
- Moinmo Moinmoin — versions 1.9.2, 1.8.7
- N/a — versions n/a
Weakness classification (CWE)
References
- security@ubuntu.com (x_refsource_CONFIRM)
- security@ubuntu.com (x_refsource_CONFIRM, Exploit, Patch)
- FEDORA-2010-6012 (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2010-6134 (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2010-6180 (vendor-advisory, x_refsource_FEDORA)
- 39188 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- 39190 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- 39267 (x_refsource_SECUNIA, third-party-advisory)
- 39284 (x_refsource_SECUNIA, third-party-advisory)
- DSA-2024 (vendor-advisory, x_refsource_DEBIAN)