XSS in Moinmo Moinmoin

CVE-2010-2969

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/ch…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.006 (69.8th percentile) — read the EPSS interpretation.

Affected products

Moinmo Moinmoin — versions 1.5.4, 1.7.0, 1.5.6
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

ADV-2010-1981 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
40549 (vdb-entry, x_refsource_BID)
DSA-2083 (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
[oss-security] 20100701 CVE request: moin multiple XSS (mailing-list, x_refsource_MLIST)
[oss-security] 20100702 Re: CVE request: moin multiple XSS (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM)