Search criteria
54 vulnerabilities found for moinmoin by moinmoin
FKIE_CVE-2009-1482
Vulnerability from fkie_nvd - Published: 2009-04-29 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmo | moinmoin | 1.6.1 | |
| moinmoin | moinmoin | * | |
| moinmoin | moinmoin | 0.1 | |
| moinmoin | moinmoin | 0.2 | |
| moinmoin | moinmoin | 0.3 | |
| moinmoin | moinmoin | 0.7 | |
| moinmoin | moinmoin | 0.8 | |
| moinmoin | moinmoin | 0.9 | |
| moinmoin | moinmoin | 0.10 | |
| moinmoin | moinmoin | 0.11 | |
| moinmoin | moinmoin | 1.0 | |
| moinmoin | moinmoin | 1.1 | |
| moinmoin | moinmoin | 1.2 | |
| moinmoin | moinmoin | 1.2.1 | |
| moinmoin | moinmoin | 1.2.2 | |
| moinmoin | moinmoin | 1.5.0 | |
| moinmoin | moinmoin | 1.5.1 | |
| moinmoin | moinmoin | 1.5.2 | |
| moinmoin | moinmoin | 1.5.3 | |
| moinmoin | moinmoin | 1.5.3_rc1 | |
| moinmoin | moinmoin | 1.5.3_rc2 | |
| moinmoin | moinmoin | 1.5.4 | |
| moinmoin | moinmoin | 1.5.5 | |
| moinmoin | moinmoin | 1.5.5_rc1 | |
| moinmoin | moinmoin | 1.5.5a | |
| moinmoin | moinmoin | 1.5.6 | |
| moinmoin | moinmoin | 1.5.7 | |
| moinmoin | moinmoin | 1.5.8 | |
| moinmoin | moinmoin | 1.6 | |
| moinmoin | moinmoin | 1.6.0 | |
| moinmoin | moinmoin | 1.6.1 | |
| moinmoin | moinmoin | 1.6.2 | |
| moinmoin | moinmoin | 1.6.3 | |
| moinmoin | moinmoin | 1.7 | |
| moinmoin | moinmoin | 1.7.0 | |
| moinmoin | moinmoin | 1.7.1 | |
| moinmoin | moinmoin | 1.7.2 | |
| moinmoin | moinmoin | 1.7.3 | |
| moinmoin | moinmoin | 1.8.0 | |
| moinmoin | moinmoin | 1.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB9D53C-D2DE-4FCA-B20B-43FC0EECF9BD",
"versionEndIncluding": "1.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D2866E-A684-4EB7-A127-5FEC934945E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D41FDF8-B8BD-43D9-8D53-ADCF15F7E16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDC4AB6-39BF-4444-9CFE-B654A19814C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD78CAE-9A9D-40AA-AD1F-C124A8315714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8673FFE8-349E-4412-9913-1145DFA1EC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "24271A6D-21D9-4E8D-997F-0EC132518FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B3072B82-3D5C-46DF-8869-08FAAC5C70DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "93508FCF-7852-4CB9-AD91-AB0FCD61BE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83ACA6-5C3C-46E3-805C-EE1E759B7331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7EF155-C5E0-4473-B635-C551BF3F8EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFA7F26-835B-4454-91A2-1DBB80C53492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D8510-CA34-4E6D-B432-997860C63B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2354B8-9A1A-4E75-92AC-F16CFDF91761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B44C24B-013E-4769-A200-D59752E0A041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8DB90E-BEE5-447E-9F78-A96634343815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84317439-A287-4897-9608-65095860AB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB70477-B0F2-44D6-92A8-0F42F890CF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "013FBB75-8B01-4249-9C6C-5E27964ED2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "361C37DC-CB43-4E6A-A198-313A9D62CD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22F3D66C-3D24-41D0-9E4B-BB458DD5517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4C9F85-C5EF-4991-A005-5839951B9843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "690F09A1-6195-404D-BDC3-5F02A4A201C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C82F62-DFBB-4499-8C6D-27DA49A00F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57003BFE-8FB2-480A-AFA1-63817B608F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23539FCA-FF83-46E5-A9E2-5051D975DC12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10CFA717-B536-46CF-8D96-B850EB4C6F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03FBCD1B-2D05-4C17-B41C-CF8DA75BB05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51DF4CAC-EDD8-4C71-BC77-0F516692B5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB1CAAA6-8D33-4901-88E2-120AB7B4CD53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F89B87E-70F6-4B3C-B684-BE2666342F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "77C78CF4-D4B3-4AE1-A15F-14C3BB8136D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33BA7179-8A11-41C1-8F54-AC9316E8330D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59C423EE-D9F5-4570-A5E8-1AA34F05E0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B12CADC-8939-462C-8D40-DD56B13773AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A19C0F96-9054-4DE9-92AD-A9DAF03B4960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C5CDE22-2384-4B78-A76F-B95D5FBAD141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E706F537-8473-4E45-9165-CA502263DC2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en action/AttachFile.py en MoinMoin v1.8.2 y anteriores permiten a atacantes remotos inyectar HTML o scripts web arbitrarios a trav\u00e9s de (1) una sub-acci\u00f3n AttachFile en la funci\u00f3n error_msg o (2) m\u00faltiples vectores relacionados con los errores de empaquetado de ficheros en la funci\u00f3n upload_form, diferentes vectores que CVE-2009-0260."
}
],
"id": "CVE-2009-1482",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-29T18:30:00.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34821"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34945"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35024"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1791"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34631"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-774-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1119"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-774-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-0312
Vulnerability from fkie_nvd - Published: 2009-01-28 01:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33BA7179-8A11-41C1-8F54-AC9316E8330D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E706F537-8473-4E45-9165-CA502263DC2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la caracter\u00edstica antispam (security/antispam.py) en MoinMoin 1.7 y 1.8.1, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elecci\u00f3n a trav\u00e9s de un contenido rechazado, manipulado."
}
],
"id": "CVE-2009-0312",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-01-28T01:30:03.170",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"
},
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/51632"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33716"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/01/27/4"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/51632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/01/27/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2009/dsa-1715"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-0260
Vulnerability from fkie_nvd - Published: 2009-01-23 19:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmoin | moinmoin | * | |
| moinmoin | moinmoin | 0.1 | |
| moinmoin | moinmoin | 0.2 | |
| moinmoin | moinmoin | 0.3 | |
| moinmoin | moinmoin | 0.7 | |
| moinmoin | moinmoin | 0.8 | |
| moinmoin | moinmoin | 0.9 | |
| moinmoin | moinmoin | 0.10 | |
| moinmoin | moinmoin | 0.11 | |
| moinmoin | moinmoin | 1.0 | |
| moinmoin | moinmoin | 1.1 | |
| moinmoin | moinmoin | 1.2 | |
| moinmoin | moinmoin | 1.2.1 | |
| moinmoin | moinmoin | 1.2.2 | |
| moinmoin | moinmoin | 1.5.0 | |
| moinmoin | moinmoin | 1.5.1 | |
| moinmoin | moinmoin | 1.5.2 | |
| moinmoin | moinmoin | 1.5.3 | |
| moinmoin | moinmoin | 1.5.3_rc1 | |
| moinmoin | moinmoin | 1.5.3_rc2 | |
| moinmoin | moinmoin | 1.5.4 | |
| moinmoin | moinmoin | 1.5.5 | |
| moinmoin | moinmoin | 1.5.5_rc1 | |
| moinmoin | moinmoin | 1.5.5a | |
| moinmoin | moinmoin | 1.5.6 | |
| moinmoin | moinmoin | 1.5.7 | |
| moinmoin | moinmoin | 1.5.8 | |
| moinmoin | moinmoin | 1.6 | |
| moinmoin | moinmoin | 1.6.0 | |
| moinmoin | moinmoin | 1.6.1 | |
| moinmoin | moinmoin | 1.6.2 | |
| moinmoin | moinmoin | 1.6.3 | |
| moinmoin | moinmoin | 1.7.0 | |
| moinmoin | moinmoin | 1.7.1 | |
| moinmoin | moinmoin | 1.7.2 | |
| moinmoin | moinmoin | 1.7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF9B689-609F-4BDA-AD95-BB43EA4A436C",
"versionEndIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D2866E-A684-4EB7-A127-5FEC934945E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D41FDF8-B8BD-43D9-8D53-ADCF15F7E16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDC4AB6-39BF-4444-9CFE-B654A19814C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD78CAE-9A9D-40AA-AD1F-C124A8315714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8673FFE8-349E-4412-9913-1145DFA1EC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "24271A6D-21D9-4E8D-997F-0EC132518FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B3072B82-3D5C-46DF-8869-08FAAC5C70DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "93508FCF-7852-4CB9-AD91-AB0FCD61BE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83ACA6-5C3C-46E3-805C-EE1E759B7331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7EF155-C5E0-4473-B635-C551BF3F8EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFA7F26-835B-4454-91A2-1DBB80C53492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D8510-CA34-4E6D-B432-997860C63B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2354B8-9A1A-4E75-92AC-F16CFDF91761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B44C24B-013E-4769-A200-D59752E0A041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8DB90E-BEE5-447E-9F78-A96634343815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84317439-A287-4897-9608-65095860AB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB70477-B0F2-44D6-92A8-0F42F890CF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "013FBB75-8B01-4249-9C6C-5E27964ED2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "361C37DC-CB43-4E6A-A198-313A9D62CD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22F3D66C-3D24-41D0-9E4B-BB458DD5517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4C9F85-C5EF-4991-A005-5839951B9843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "690F09A1-6195-404D-BDC3-5F02A4A201C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C82F62-DFBB-4499-8C6D-27DA49A00F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57003BFE-8FB2-480A-AFA1-63817B608F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23539FCA-FF83-46E5-A9E2-5051D975DC12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10CFA717-B536-46CF-8D96-B850EB4C6F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03FBCD1B-2D05-4C17-B41C-CF8DA75BB05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51DF4CAC-EDD8-4C71-BC77-0F516692B5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB1CAAA6-8D33-4901-88E2-120AB7B4CD53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F89B87E-70F6-4B3C-B684-BE2666342F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33BA7179-8A11-41C1-8F54-AC9316E8330D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59C423EE-D9F5-4570-A5E8-1AA34F05E0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B12CADC-8939-462C-8D40-DD56B13773AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A19C0F96-9054-4DE9-92AD-A9DAF03B4960",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable)."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en action/AttachFile.py en MoinMoin antes de v1.8.1, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante una acci\u00f3n AttachFile a el componente WikiSandBox con los par\u00e1metros (1) rename o (2) drawing (alias la variable basename)."
}
],
"id": "CVE-2009-0260",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-01-23T19:00:05.233",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"source": "cve@mitre.org",
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/51485"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33593"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33716"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33365"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/51485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2009/dsa-1715"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3381
Vulnerability from fkie_nvd - Published: 2008-07-30 18:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F89B87E-70F6-4B3C-B684-BE2666342F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33BA7179-8A11-41C1-8F54-AC9316E8330D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados en macro/AdvancedSearch.py en moin (y MoinMoin)1.6.3 y 1.7.0, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s vectores no especificados."
}
],
"id": "CVE-2008-3381",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-30T18:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/383196922b03"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31135"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30297"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2147/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/383196922b03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2147/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43899"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1937
Vulnerability from fkie_nvd - Published: 2008-04-25 06:05 - Updated: 2025-04-09 00:30
Severity ?
Summary
The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03FBCD1B-2D05-4C17-B41C-CF8DA75BB05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51DF4CAC-EDD8-4C71-BC77-0F516692B5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB1CAAA6-8D33-4901-88E2-120AB7B4CD53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges."
},
{
"lang": "es",
"value": "El procesamiento del formulario \"user\" (userform.py) en MoinMoin anterior a 1.6.3, cuando emplea ACLs o una lista de superusuarios que no est\u00e1 vac\u00eda, no gestiona correctamente los usuarios lo que permite a atacantes remotos obtener privilegios."
}
],
"id": "CVE-2008-1937",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-25T06:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af"
},
{
"source": "cve@mitre.org",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29894"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30160"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200805-09.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28869"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1307/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1307/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41909"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1098
Vulnerability from fkie_nvd - Published: 2008-03-05 20:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A2FDB5-6C57-43E2-AA1B-D083D93C5679",
"versionEndIncluding": "1.5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim\u0027s rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MoinMoin 1.5.8 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1) ciertas entradas procesadas por formatter/text_gedit.py (tambi\u00e9n conocido como el gui editor formatter); (2) un nombre de p\u00e1gina, que dispara una inyecci\u00f3n en PageEditor.py cuando la p\u00e1gina se borra exitosamente por una v\u00edctima en una acci\u00f3n DeletePage; (3) el nombre de la p\u00e1gina destino para una acci\u00f3n RenamePage, lo que dispara una inyecci\u00f3n en PageEditor.py cuando un intento de cambiar el nombre de la v\u00edctima falla debido a un nombre duplicado."
}
],
"id": "CVE-2008-1098",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-03-05T20:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"
},
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"
},
{
"source": "cve@mitre.org",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30031"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28173"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1099
Vulnerability from fkie_nvd - Published: 2008-03-05 20:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A2FDB5-6C57-43E2-AA1B-D083D93C5679",
"versionEndIncluding": "1.5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages."
},
{
"lang": "es",
"value": "_macro_Getval en wikimacro.py de MoinMoin 1.5.8 y anteriores no hace cumplir correctamente ACLs, lo que permite a atacantes remotos leer p\u00e1ginas protegidas."
}
],
"id": "CVE-2008-1099",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-05T20:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"
},
{
"source": "cve@mitre.org",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30031"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28177"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0780
Vulnerability from fkie_nvd - Published: 2008-02-14 21:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmoin | moinmoin | 1.5.0 | |
| moinmoin | moinmoin | 1.5.1 | |
| moinmoin | moinmoin | 1.5.2 | |
| moinmoin | moinmoin | 1.5.3 | |
| moinmoin | moinmoin | 1.5.3_rc1 | |
| moinmoin | moinmoin | 1.5.3_rc2 | |
| moinmoin | moinmoin | 1.5.4 | |
| moinmoin | moinmoin | 1.5.5 | |
| moinmoin | moinmoin | 1.5.5_rc1 | |
| moinmoin | moinmoin | 1.5.5a | |
| moinmoin | moinmoin | 1.5.6 | |
| moinmoin | moinmoin | 1.5.7 | |
| moinmoin | moinmoin | 1.5.8 | |
| moinmoin | moinmoin | 1.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B44C24B-013E-4769-A200-D59752E0A041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8DB90E-BEE5-447E-9F78-A96634343815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84317439-A287-4897-9608-65095860AB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB70477-B0F2-44D6-92A8-0F42F890CF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "013FBB75-8B01-4249-9C6C-5E27964ED2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "361C37DC-CB43-4E6A-A198-313A9D62CD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22F3D66C-3D24-41D0-9E4B-BB458DD5517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4C9F85-C5EF-4991-A005-5839951B9843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "690F09A1-6195-404D-BDC3-5F02A4A201C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C82F62-DFBB-4499-8C6D-27DA49A00F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57003BFE-8FB2-480A-AFA1-63817B608F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23539FCA-FF83-46E5-A9E2-5051D975DC12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03FBCD1B-2D05-4C17-B41C-CF8DA75BB05D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencia de comandos en sitios cruzados en MoinMoin v1.5.x a la 1.5.8 y 1.6.x anterior a 1.6.1, permite a atacantes remotos ejecutar secuencias de comandos web o HTML a trav\u00e9s de una acci\u00f3n de login."
}
],
"id": "CVE-2008-0780",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-14T21:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28987"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29010"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0782
Vulnerability from fkie_nvd - Published: 2008-02-14 21:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmoin | moinmoin | 0.1 | |
| moinmoin | moinmoin | 0.2 | |
| moinmoin | moinmoin | 0.3 | |
| moinmoin | moinmoin | 0.7 | |
| moinmoin | moinmoin | 0.8 | |
| moinmoin | moinmoin | 0.9 | |
| moinmoin | moinmoin | 0.10 | |
| moinmoin | moinmoin | 0.11 | |
| moinmoin | moinmoin | 1.0 | |
| moinmoin | moinmoin | 1.1 | |
| moinmoin | moinmoin | 1.2 | |
| moinmoin | moinmoin | 1.2.1 | |
| moinmoin | moinmoin | 1.2.2 | |
| moinmoin | moinmoin | 1.5.0 | |
| moinmoin | moinmoin | 1.5.1 | |
| moinmoin | moinmoin | 1.5.2 | |
| moinmoin | moinmoin | 1.5.3 | |
| moinmoin | moinmoin | 1.5.3_rc1 | |
| moinmoin | moinmoin | 1.5.3_rc2 | |
| moinmoin | moinmoin | 1.5.4 | |
| moinmoin | moinmoin | 1.5.5 | |
| moinmoin | moinmoin | 1.5.5_rc1 | |
| moinmoin | moinmoin | 1.5.5a | |
| moinmoin | moinmoin | 1.5.6 | |
| moinmoin | moinmoin | 1.5.7 | |
| moinmoin | moinmoin | 1.5.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D2866E-A684-4EB7-A127-5FEC934945E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D41FDF8-B8BD-43D9-8D53-ADCF15F7E16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDC4AB6-39BF-4444-9CFE-B654A19814C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD78CAE-9A9D-40AA-AD1F-C124A8315714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8673FFE8-349E-4412-9913-1145DFA1EC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "24271A6D-21D9-4E8D-997F-0EC132518FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B3072B82-3D5C-46DF-8869-08FAAC5C70DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "93508FCF-7852-4CB9-AD91-AB0FCD61BE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83ACA6-5C3C-46E3-805C-EE1E759B7331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7EF155-C5E0-4473-B635-C551BF3F8EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFA7F26-835B-4454-91A2-1DBB80C53492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D8510-CA34-4E6D-B432-997860C63B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2354B8-9A1A-4E75-92AC-F16CFDF91761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B44C24B-013E-4769-A200-D59752E0A041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8DB90E-BEE5-447E-9F78-A96634343815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84317439-A287-4897-9608-65095860AB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB70477-B0F2-44D6-92A8-0F42F890CF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "013FBB75-8B01-4249-9C6C-5E27964ED2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "361C37DC-CB43-4E6A-A198-313A9D62CD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22F3D66C-3D24-41D0-9E4B-BB458DD5517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4C9F85-C5EF-4991-A005-5839951B9843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "690F09A1-6195-404D-BDC3-5F02A4A201C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C82F62-DFBB-4499-8C6D-27DA49A00F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57003BFE-8FB2-480A-AFA1-63817B608F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23539FCA-FF83-46E5-A9E2-5051D975DC12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en MoinMoin versi\u00f3n 1.5.8 y anteriores, permite a los atacantes remotos sobrescribir archivos arbitrarios por medio de un .. (punto punto) en el ID de usuario MOIN_ID de una cookie para una acci\u00f3n userform. NOTA: este problema puede ser aprovechado para la ejecuci\u00f3n de c\u00f3digo PHP por medio del par\u00e1metro quicklinks."
}
],
"id": "CVE-2008-0782",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-14T21:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29010"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27404"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4957"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0781
Vulnerability from fkie_nvd - Published: 2008-02-14 21:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmoin | moinmoin | 0.1 | |
| moinmoin | moinmoin | 0.2 | |
| moinmoin | moinmoin | 0.3 | |
| moinmoin | moinmoin | 0.7 | |
| moinmoin | moinmoin | 0.8 | |
| moinmoin | moinmoin | 0.9 | |
| moinmoin | moinmoin | 0.10 | |
| moinmoin | moinmoin | 0.11 | |
| moinmoin | moinmoin | 1.0 | |
| moinmoin | moinmoin | 1.1 | |
| moinmoin | moinmoin | 1.2 | |
| moinmoin | moinmoin | 1.2.1 | |
| moinmoin | moinmoin | 1.2.2 | |
| moinmoin | moinmoin | 1.5.0 | |
| moinmoin | moinmoin | 1.5.1 | |
| moinmoin | moinmoin | 1.5.2 | |
| moinmoin | moinmoin | 1.5.3 | |
| moinmoin | moinmoin | 1.5.3_rc1 | |
| moinmoin | moinmoin | 1.5.3_rc2 | |
| moinmoin | moinmoin | 1.5.4 | |
| moinmoin | moinmoin | 1.5.5 | |
| moinmoin | moinmoin | 1.5.5_rc1 | |
| moinmoin | moinmoin | 1.5.5a | |
| moinmoin | moinmoin | 1.5.6 | |
| moinmoin | moinmoin | 1.5.7 | |
| moinmoin | moinmoin | 1.5.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D2866E-A684-4EB7-A127-5FEC934945E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D41FDF8-B8BD-43D9-8D53-ADCF15F7E16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDC4AB6-39BF-4444-9CFE-B654A19814C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD78CAE-9A9D-40AA-AD1F-C124A8315714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8673FFE8-349E-4412-9913-1145DFA1EC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "24271A6D-21D9-4E8D-997F-0EC132518FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B3072B82-3D5C-46DF-8869-08FAAC5C70DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "93508FCF-7852-4CB9-AD91-AB0FCD61BE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83ACA6-5C3C-46E3-805C-EE1E759B7331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7EF155-C5E0-4473-B635-C551BF3F8EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFA7F26-835B-4454-91A2-1DBB80C53492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D8510-CA34-4E6D-B432-997860C63B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2354B8-9A1A-4E75-92AC-F16CFDF91761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B44C24B-013E-4769-A200-D59752E0A041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8DB90E-BEE5-447E-9F78-A96634343815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84317439-A287-4897-9608-65095860AB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB70477-B0F2-44D6-92A8-0F42F890CF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "013FBB75-8B01-4249-9C6C-5E27964ED2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "361C37DC-CB43-4E6A-A198-313A9D62CD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22F3D66C-3D24-41D0-9E4B-BB458DD5517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4C9F85-C5EF-4991-A005-5839951B9843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "690F09A1-6195-404D-BDC3-5F02A4A201C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C82F62-DFBB-4499-8C6D-27DA49A00F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57003BFE-8FB2-480A-AFA1-63817B608F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23539FCA-FF83-46E5-A9E2-5051D975DC12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en action/AttachFile.py de MoinMoin 1.5.8 y anteriores, permiten a atacantes remotos inyectar comandos web o HTML de su elecci\u00f3n mediante (1) message, (2) pagename, y (3) target filenames."
}
],
"id": "CVE-2008-0781",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-14T21:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28987"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29010"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-1482 (GCVE-0-2009-1482)
Vulnerability from cvelistv5 – Published: 2009-04-29 18:06 – Updated: 2024-08-07 05:13
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "moinmoin-errormsg-xss(50356)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2009-1119",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1119"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1"
},
{
"name": "34631",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34631"
},
{
"name": "35024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35024"
},
{
"name": "34945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34945"
},
{
"name": "DSA-1791",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1791"
},
{
"name": "34821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34821"
},
{
"name": "USN-774-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-774-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "moinmoin-errormsg-xss(50356)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2009-1119",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1119"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1"
},
{
"name": "34631",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34631"
},
{
"name": "35024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35024"
},
{
"name": "34945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34945"
},
{
"name": "DSA-1791",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1791"
},
{
"name": "34821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34821"
},
{
"name": "USN-774-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-774-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "moinmoin-errormsg-xss(50356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2009-1119",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1119"
},
{
"name": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1"
},
{
"name": "34631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34631"
},
{
"name": "35024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35024"
},
{
"name": "34945",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34945"
},
{
"name": "DSA-1791",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1791"
},
{
"name": "34821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34821"
},
{
"name": "USN-774-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-774-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1482",
"datePublished": "2009-04-29T18:06:00",
"dateReserved": "2009-04-29T00:00:00",
"dateUpdated": "2024-08-07T05:13:25.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0312 (GCVE-0-2009-0312)
Vulnerability from cvelistv5 – Published: 2009-01-28 01:00 – Updated: 2024-08-07 04:31
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:25.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"
},
{
"name": "33716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33716"
},
{
"name": "51632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51632"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "[oss-security] 20090127 CVE Request: MoinMoin",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/27/4"
},
{
"name": "DSA-1715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-antispam-xss(48306)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"
},
{
"name": "33716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33716"
},
{
"name": "51632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51632"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "[oss-security] 20090127 CVE Request: MoinMoin",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/27/4"
},
{
"name": "DSA-1715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-antispam-xss(48306)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"
},
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"
},
{
"name": "33716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33716"
},
{
"name": "51632",
"refsource": "OSVDB",
"url": "http://osvdb.org/51632"
},
{
"name": "http://moinmo.in/SecurityFixes#moin1.8.1",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "[oss-security] 20090127 CVE Request: MoinMoin",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/01/27/4"
},
{
"name": "DSA-1715",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-antispam-xss(48306)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0312",
"datePublished": "2009-01-28T01:00:00",
"dateReserved": "2009-01-27T00:00:00",
"dateUpdated": "2024-08-07T04:31:25.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0260 (GCVE-0-2009-0260)
Vulnerability from cvelistv5 – Published: 2009-01-23 18:38 – Updated: 2024-08-07 04:24
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33593"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "ADV-2009-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"name": "33716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33716"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "33365",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33365"
},
{
"name": "51485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51485"
},
{
"name": "20090120 MoinMoin Wiki Engine XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"name": "moinmoin-attachfilepy-xss(48126)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"name": "DSA-1715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33593"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "ADV-2009-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"name": "33716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33716"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "33365",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33365"
},
{
"name": "51485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51485"
},
{
"name": "20090120 MoinMoin Wiki Engine XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"name": "moinmoin-attachfilepy-xss(48126)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"name": "DSA-1715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33593"
},
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "ADV-2009-0195",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"name": "33716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33716"
},
{
"name": "http://moinmo.in/SecurityFixes#moin1.8.1",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "33365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33365"
},
{
"name": "51485",
"refsource": "OSVDB",
"url": "http://osvdb.org/51485"
},
{
"name": "20090120 MoinMoin Wiki Engine XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"name": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"name": "moinmoin-attachfilepy-xss(48126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"name": "DSA-1715",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0260",
"datePublished": "2009-01-23T18:38:00",
"dateReserved": "2009-01-23T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3381 (GCVE-0-2008-3381)
Vulnerability from cvelistv5 – Published: 2008-07-30 18:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31135"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2008-2147",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2147/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/383196922b03"
},
{
"name": "moinmoin-advancedsearch-xss(43899)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58"
},
{
"name": "30297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31135"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2008-2147",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2147/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/383196922b03"
},
{
"name": "moinmoin-advancedsearch-xss(43899)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58"
},
{
"name": "30297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31135"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2008-2147",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2147/references"
},
{
"name": "http://hg.moinmo.in/moin/1.7/rev/383196922b03",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.7/rev/383196922b03"
},
{
"name": "moinmoin-advancedsearch-xss(43899)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43899"
},
{
"name": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58"
},
{
"name": "30297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3381",
"datePublished": "2008-07-30T18:00:00",
"dateReserved": "2008-07-30T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1937 (GCVE-0-2008-1937)
Vulnerability from cvelistv5 – Published: 2008-04-24 18:00 – Updated: 2024-08-07 08:41
VLAI?
Summary
The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "GLSA-200805-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-09.xml"
},
{
"name": "moinmoin-userform-security-bypass(41909)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41909"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af"
},
{
"name": "ADV-2008-1307",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1307/references"
},
{
"name": "30160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30160"
},
{
"name": "28869",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28869"
},
{
"name": "29894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "GLSA-200805-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-09.xml"
},
{
"name": "moinmoin-userform-security-bypass(41909)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41909"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af"
},
{
"name": "ADV-2008-1307",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1307/references"
},
{
"name": "30160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30160"
},
{
"name": "28869",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28869"
},
{
"name": "29894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29894"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "GLSA-200805-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-09.xml"
},
{
"name": "moinmoin-userform-security-bypass(41909)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41909"
},
{
"name": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af"
},
{
"name": "ADV-2008-1307",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1307/references"
},
{
"name": "30160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30160"
},
{
"name": "28869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28869"
},
{
"name": "29894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29894"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1937",
"datePublished": "2008-04-24T18:00:00",
"dateReserved": "2008-04-24T00:00:00",
"dateUpdated": "2024-08-07T08:41:00.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1099 (GCVE-0-2008-1099)
Vulnerability from cvelistv5 – Published: 2008-03-05 20:00 – Updated: 2024-08-07 08:08
VLAI?
Summary
_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "28177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28177"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "moinmoin-macrogetval-information-disclosure(41038)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"
},
{
"name": "FEDORA-2008-3328",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "28177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28177"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "moinmoin-macrogetval-information-disclosure(41038)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"
},
{
"name": "FEDORA-2008-3328",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "28177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28177"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "moinmoin-macrogetval-information-disclosure(41038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"
},
{
"name": "FEDORA-2008-3328",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1099",
"datePublished": "2008-03-05T20:00:00",
"dateReserved": "2008-02-28T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1098 (GCVE-0-2008-1098)
Vulnerability from cvelistv5 – Published: 2008-03-05 20:00 – Updated: 2024-08-07 08:08
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "FEDORA-2008-3328",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-multiple-actions-xss(41037)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"
},
{
"name": "28173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28173"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim\u0027s rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "FEDORA-2008-3328",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-multiple-actions-xss(41037)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"
},
{
"name": "28173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28173"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim\u0027s rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "FEDORA-2008-3328",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-multiple-actions-xss(41037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"
},
{
"name": "28173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28173"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1098",
"datePublished": "2008-03-05T20:00:00",
"dateReserved": "2008-02-28T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0780 (GCVE-0-2008-0780)
Vulnerability from cvelistv5 – Published: 2008-02-14 20:00 – Updated: 2024-08-07 07:54
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"name": "FEDORA-2008-1880",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27904"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"name": "FEDORA-2008-1880",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27904"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29010"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=432747",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"name": "FEDORA-2008-1880",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0780",
"datePublished": "2008-02-14T20:00:00",
"dateReserved": "2008-02-14T00:00:00",
"dateUpdated": "2024-08-07T07:54:23.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0782 (GCVE-0-2008-0782)
Vulnerability from cvelistv5 – Published: 2008-02-14 20:00 – Updated: 2024-08-07 07:54
VLAI?
Summary
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29010"
},
{
"name": "20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
},
{
"name": "moinmoin-readme-file-overwrite(39837)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
},
{
"name": "4957",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4957"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "27404",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27404"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29010"
},
{
"name": "20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
},
{
"name": "moinmoin-readme-file-overwrite(39837)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
},
{
"name": "4957",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4957"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "27404",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27404"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
},
{
"name": "29010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29010"
},
{
"name": "20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
},
{
"name": "moinmoin-readme-file-overwrite(39837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
},
{
"name": "4957",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4957"
},
{
"name": "ADV-2008-0569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "27404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27404"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0782",
"datePublished": "2008-02-14T20:00:00",
"dateReserved": "2008-02-14T00:00:00",
"dateUpdated": "2024-08-07T07:54:23.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0781 (GCVE-0-2008-0781)
Vulnerability from cvelistv5 – Published: 2008-02-14 20:00 – Updated: 2024-08-07 07:54
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29010"
},
{
"name": "FEDORA-2008-1880",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29010"
},
{
"name": "FEDORA-2008-1880",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29010"
},
{
"name": "FEDORA-2008-1880",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=432748",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0781",
"datePublished": "2008-02-14T20:00:00",
"dateReserved": "2008-02-14T00:00:00",
"dateUpdated": "2024-08-07T07:54:23.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1482 (GCVE-0-2009-1482)
Vulnerability from nvd – Published: 2009-04-29 18:06 – Updated: 2024-08-07 05:13
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "moinmoin-errormsg-xss(50356)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2009-1119",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1119"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1"
},
{
"name": "34631",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34631"
},
{
"name": "35024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35024"
},
{
"name": "34945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34945"
},
{
"name": "DSA-1791",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1791"
},
{
"name": "34821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34821"
},
{
"name": "USN-774-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-774-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "moinmoin-errormsg-xss(50356)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2009-1119",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1119"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1"
},
{
"name": "34631",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34631"
},
{
"name": "35024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35024"
},
{
"name": "34945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34945"
},
{
"name": "DSA-1791",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1791"
},
{
"name": "34821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34821"
},
{
"name": "USN-774-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-774-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "moinmoin-errormsg-xss(50356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2009-1119",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1119"
},
{
"name": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1"
},
{
"name": "34631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34631"
},
{
"name": "35024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35024"
},
{
"name": "34945",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34945"
},
{
"name": "DSA-1791",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1791"
},
{
"name": "34821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34821"
},
{
"name": "USN-774-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-774-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1482",
"datePublished": "2009-04-29T18:06:00",
"dateReserved": "2009-04-29T00:00:00",
"dateUpdated": "2024-08-07T05:13:25.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0312 (GCVE-0-2009-0312)
Vulnerability from nvd – Published: 2009-01-28 01:00 – Updated: 2024-08-07 04:31
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:25.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"
},
{
"name": "33716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33716"
},
{
"name": "51632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51632"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "[oss-security] 20090127 CVE Request: MoinMoin",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/27/4"
},
{
"name": "DSA-1715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-antispam-xss(48306)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"
},
{
"name": "33716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33716"
},
{
"name": "51632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51632"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "[oss-security] 20090127 CVE Request: MoinMoin",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/27/4"
},
{
"name": "DSA-1715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-antispam-xss(48306)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"
},
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"
},
{
"name": "33716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33716"
},
{
"name": "51632",
"refsource": "OSVDB",
"url": "http://osvdb.org/51632"
},
{
"name": "http://moinmo.in/SecurityFixes#moin1.8.1",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "[oss-security] 20090127 CVE Request: MoinMoin",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/01/27/4"
},
{
"name": "DSA-1715",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-antispam-xss(48306)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0312",
"datePublished": "2009-01-28T01:00:00",
"dateReserved": "2009-01-27T00:00:00",
"dateUpdated": "2024-08-07T04:31:25.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0260 (GCVE-0-2009-0260)
Vulnerability from nvd – Published: 2009-01-23 18:38 – Updated: 2024-08-07 04:24
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33593"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "ADV-2009-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"name": "33716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33716"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "33365",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33365"
},
{
"name": "51485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51485"
},
{
"name": "20090120 MoinMoin Wiki Engine XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"name": "moinmoin-attachfilepy-xss(48126)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"name": "DSA-1715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33593"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "ADV-2009-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"name": "33716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33716"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "33365",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33365"
},
{
"name": "51485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51485"
},
{
"name": "20090120 MoinMoin Wiki Engine XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"name": "moinmoin-attachfilepy-xss(48126)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"name": "DSA-1715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33593"
},
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "ADV-2009-0195",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"name": "33716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33716"
},
{
"name": "http://moinmo.in/SecurityFixes#moin1.8.1",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "33365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33365"
},
{
"name": "51485",
"refsource": "OSVDB",
"url": "http://osvdb.org/51485"
},
{
"name": "20090120 MoinMoin Wiki Engine XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"name": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"name": "moinmoin-attachfilepy-xss(48126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"name": "DSA-1715",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0260",
"datePublished": "2009-01-23T18:38:00",
"dateReserved": "2009-01-23T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3381 (GCVE-0-2008-3381)
Vulnerability from nvd – Published: 2008-07-30 18:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31135"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2008-2147",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2147/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/383196922b03"
},
{
"name": "moinmoin-advancedsearch-xss(43899)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58"
},
{
"name": "30297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31135"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2008-2147",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2147/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/383196922b03"
},
{
"name": "moinmoin-advancedsearch-xss(43899)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58"
},
{
"name": "30297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31135"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2008-2147",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2147/references"
},
{
"name": "http://hg.moinmo.in/moin/1.7/rev/383196922b03",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.7/rev/383196922b03"
},
{
"name": "moinmoin-advancedsearch-xss(43899)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43899"
},
{
"name": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58"
},
{
"name": "30297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3381",
"datePublished": "2008-07-30T18:00:00",
"dateReserved": "2008-07-30T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1937 (GCVE-0-2008-1937)
Vulnerability from nvd – Published: 2008-04-24 18:00 – Updated: 2024-08-07 08:41
VLAI?
Summary
The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "GLSA-200805-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-09.xml"
},
{
"name": "moinmoin-userform-security-bypass(41909)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41909"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af"
},
{
"name": "ADV-2008-1307",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1307/references"
},
{
"name": "30160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30160"
},
{
"name": "28869",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28869"
},
{
"name": "29894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "GLSA-200805-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-09.xml"
},
{
"name": "moinmoin-userform-security-bypass(41909)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41909"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af"
},
{
"name": "ADV-2008-1307",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1307/references"
},
{
"name": "30160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30160"
},
{
"name": "28869",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28869"
},
{
"name": "29894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29894"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "GLSA-200805-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-09.xml"
},
{
"name": "moinmoin-userform-security-bypass(41909)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41909"
},
{
"name": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af"
},
{
"name": "ADV-2008-1307",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1307/references"
},
{
"name": "30160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30160"
},
{
"name": "28869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28869"
},
{
"name": "29894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29894"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1937",
"datePublished": "2008-04-24T18:00:00",
"dateReserved": "2008-04-24T00:00:00",
"dateUpdated": "2024-08-07T08:41:00.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1099 (GCVE-0-2008-1099)
Vulnerability from nvd – Published: 2008-03-05 20:00 – Updated: 2024-08-07 08:08
VLAI?
Summary
_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "28177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28177"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "moinmoin-macrogetval-information-disclosure(41038)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"
},
{
"name": "FEDORA-2008-3328",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "28177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28177"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "moinmoin-macrogetval-information-disclosure(41038)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"
},
{
"name": "FEDORA-2008-3328",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "28177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28177"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "moinmoin-macrogetval-information-disclosure(41038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"
},
{
"name": "FEDORA-2008-3328",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1099",
"datePublished": "2008-03-05T20:00:00",
"dateReserved": "2008-02-28T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1098 (GCVE-0-2008-1098)
Vulnerability from nvd – Published: 2008-03-05 20:00 – Updated: 2024-08-07 08:08
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "FEDORA-2008-3328",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-multiple-actions-xss(41037)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"
},
{
"name": "28173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28173"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim\u0027s rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "FEDORA-2008-3328",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-multiple-actions-xss(41037)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"
},
{
"name": "28173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28173"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim\u0027s rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "FEDORA-2008-3328",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-multiple-actions-xss(41037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"
},
{
"name": "28173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28173"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1098",
"datePublished": "2008-03-05T20:00:00",
"dateReserved": "2008-02-28T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0780 (GCVE-0-2008-0780)
Vulnerability from nvd – Published: 2008-02-14 20:00 – Updated: 2024-08-07 07:54
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"name": "FEDORA-2008-1880",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27904"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"name": "FEDORA-2008-1880",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27904"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29010"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=432747",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"name": "FEDORA-2008-1880",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0780",
"datePublished": "2008-02-14T20:00:00",
"dateReserved": "2008-02-14T00:00:00",
"dateUpdated": "2024-08-07T07:54:23.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0782 (GCVE-0-2008-0782)
Vulnerability from nvd – Published: 2008-02-14 20:00 – Updated: 2024-08-07 07:54
VLAI?
Summary
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29010"
},
{
"name": "20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
},
{
"name": "moinmoin-readme-file-overwrite(39837)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
},
{
"name": "4957",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4957"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "27404",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27404"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29010"
},
{
"name": "20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
},
{
"name": "moinmoin-readme-file-overwrite(39837)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
},
{
"name": "4957",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4957"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "27404",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27404"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
},
{
"name": "29010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29010"
},
{
"name": "20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
},
{
"name": "moinmoin-readme-file-overwrite(39837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
},
{
"name": "4957",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4957"
},
{
"name": "ADV-2008-0569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "27404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27404"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0782",
"datePublished": "2008-02-14T20:00:00",
"dateReserved": "2008-02-14T00:00:00",
"dateUpdated": "2024-08-07T07:54:23.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0781 (GCVE-0-2008-0781)
Vulnerability from nvd – Published: 2008-02-14 20:00 – Updated: 2024-08-07 07:54
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29010"
},
{
"name": "FEDORA-2008-1880",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29010"
},
{
"name": "FEDORA-2008-1880",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29010"
},
{
"name": "FEDORA-2008-1880",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=432748",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0781",
"datePublished": "2008-02-14T20:00:00",
"dateReserved": "2008-02-14T00:00:00",
"dateUpdated": "2024-08-07T07:54:23.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}