Vulnerabilites related to moinmoin - moinmoin
Vulnerability from fkie_nvd
Published
2009-04-29 18:30
Modified
2024-11-21 01:02
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmo | moinmoin | 1.6.1 | |
| moinmoin | moinmoin | * | |
| moinmoin | moinmoin | 0.1 | |
| moinmoin | moinmoin | 0.2 | |
| moinmoin | moinmoin | 0.3 | |
| moinmoin | moinmoin | 0.7 | |
| moinmoin | moinmoin | 0.8 | |
| moinmoin | moinmoin | 0.9 | |
| moinmoin | moinmoin | 0.10 | |
| moinmoin | moinmoin | 0.11 | |
| moinmoin | moinmoin | 1.0 | |
| moinmoin | moinmoin | 1.1 | |
| moinmoin | moinmoin | 1.2 | |
| moinmoin | moinmoin | 1.2.1 | |
| moinmoin | moinmoin | 1.2.2 | |
| moinmoin | moinmoin | 1.5.0 | |
| moinmoin | moinmoin | 1.5.1 | |
| moinmoin | moinmoin | 1.5.2 | |
| moinmoin | moinmoin | 1.5.3 | |
| moinmoin | moinmoin | 1.5.3_rc1 | |
| moinmoin | moinmoin | 1.5.3_rc2 | |
| moinmoin | moinmoin | 1.5.4 | |
| moinmoin | moinmoin | 1.5.5 | |
| moinmoin | moinmoin | 1.5.5_rc1 | |
| moinmoin | moinmoin | 1.5.5a | |
| moinmoin | moinmoin | 1.5.6 | |
| moinmoin | moinmoin | 1.5.7 | |
| moinmoin | moinmoin | 1.5.8 | |
| moinmoin | moinmoin | 1.6 | |
| moinmoin | moinmoin | 1.6.0 | |
| moinmoin | moinmoin | 1.6.1 | |
| moinmoin | moinmoin | 1.6.2 | |
| moinmoin | moinmoin | 1.6.3 | |
| moinmoin | moinmoin | 1.7 | |
| moinmoin | moinmoin | 1.7.0 | |
| moinmoin | moinmoin | 1.7.1 | |
| moinmoin | moinmoin | 1.7.2 | |
| moinmoin | moinmoin | 1.7.3 | |
| moinmoin | moinmoin | 1.8.0 | |
| moinmoin | moinmoin | 1.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB9D53C-D2DE-4FCA-B20B-43FC0EECF9BD",
"versionEndIncluding": "1.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D2866E-A684-4EB7-A127-5FEC934945E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D41FDF8-B8BD-43D9-8D53-ADCF15F7E16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDC4AB6-39BF-4444-9CFE-B654A19814C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD78CAE-9A9D-40AA-AD1F-C124A8315714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8673FFE8-349E-4412-9913-1145DFA1EC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "24271A6D-21D9-4E8D-997F-0EC132518FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B3072B82-3D5C-46DF-8869-08FAAC5C70DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "93508FCF-7852-4CB9-AD91-AB0FCD61BE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83ACA6-5C3C-46E3-805C-EE1E759B7331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7EF155-C5E0-4473-B635-C551BF3F8EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFA7F26-835B-4454-91A2-1DBB80C53492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D8510-CA34-4E6D-B432-997860C63B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2354B8-9A1A-4E75-92AC-F16CFDF91761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B44C24B-013E-4769-A200-D59752E0A041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8DB90E-BEE5-447E-9F78-A96634343815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84317439-A287-4897-9608-65095860AB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB70477-B0F2-44D6-92A8-0F42F890CF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "013FBB75-8B01-4249-9C6C-5E27964ED2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "361C37DC-CB43-4E6A-A198-313A9D62CD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22F3D66C-3D24-41D0-9E4B-BB458DD5517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4C9F85-C5EF-4991-A005-5839951B9843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "690F09A1-6195-404D-BDC3-5F02A4A201C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C82F62-DFBB-4499-8C6D-27DA49A00F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57003BFE-8FB2-480A-AFA1-63817B608F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23539FCA-FF83-46E5-A9E2-5051D975DC12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10CFA717-B536-46CF-8D96-B850EB4C6F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03FBCD1B-2D05-4C17-B41C-CF8DA75BB05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51DF4CAC-EDD8-4C71-BC77-0F516692B5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB1CAAA6-8D33-4901-88E2-120AB7B4CD53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F89B87E-70F6-4B3C-B684-BE2666342F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "77C78CF4-D4B3-4AE1-A15F-14C3BB8136D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33BA7179-8A11-41C1-8F54-AC9316E8330D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59C423EE-D9F5-4570-A5E8-1AA34F05E0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B12CADC-8939-462C-8D40-DD56B13773AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A19C0F96-9054-4DE9-92AD-A9DAF03B4960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C5CDE22-2384-4B78-A76F-B95D5FBAD141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E706F537-8473-4E45-9165-CA502263DC2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en action/AttachFile.py en MoinMoin v1.8.2 y anteriores permiten a atacantes remotos inyectar HTML o scripts web arbitrarios a trav\u00e9s de (1) una sub-acci\u00f3n AttachFile en la funci\u00f3n error_msg o (2) m\u00faltiples vectores relacionados con los errores de empaquetado de ficheros en la funci\u00f3n upload_form, diferentes vectores que CVE-2009-0260."
}
],
"id": "CVE-2009-1482",
"lastModified": "2024-11-21T01:02:33.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-29T18:30:00.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34821"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34945"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35024"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1791"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34631"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-774-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1119"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-774-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-30 18:41
Modified
2024-11-21 00:49
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F89B87E-70F6-4B3C-B684-BE2666342F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33BA7179-8A11-41C1-8F54-AC9316E8330D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados en macro/AdvancedSearch.py en moin (y MoinMoin)1.6.3 y 1.7.0, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s vectores no especificados."
}
],
"id": "CVE-2008-3381",
"lastModified": "2024-11-21T00:49:07.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-30T18:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/383196922b03"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31135"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30297"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2147/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/383196922b03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2147/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43899"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-25 06:05
Modified
2024-11-21 00:45
Severity ?
Summary
The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03FBCD1B-2D05-4C17-B41C-CF8DA75BB05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51DF4CAC-EDD8-4C71-BC77-0F516692B5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB1CAAA6-8D33-4901-88E2-120AB7B4CD53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges."
},
{
"lang": "es",
"value": "El procesamiento del formulario \"user\" (userform.py) en MoinMoin anterior a 1.6.3, cuando emplea ACLs o una lista de superusuarios que no est\u00e1 vac\u00eda, no gestiona correctamente los usuarios lo que permite a atacantes remotos obtener privilegios."
}
],
"id": "CVE-2008-1937",
"lastModified": "2024-11-21T00:45:42.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-25T06:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af"
},
{
"source": "cve@mitre.org",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29894"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30160"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200805-09.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28869"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1307/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1307/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41909"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-23 19:00
Modified
2024-11-21 00:59
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmoin | moinmoin | * | |
| moinmoin | moinmoin | 0.1 | |
| moinmoin | moinmoin | 0.2 | |
| moinmoin | moinmoin | 0.3 | |
| moinmoin | moinmoin | 0.7 | |
| moinmoin | moinmoin | 0.8 | |
| moinmoin | moinmoin | 0.9 | |
| moinmoin | moinmoin | 0.10 | |
| moinmoin | moinmoin | 0.11 | |
| moinmoin | moinmoin | 1.0 | |
| moinmoin | moinmoin | 1.1 | |
| moinmoin | moinmoin | 1.2 | |
| moinmoin | moinmoin | 1.2.1 | |
| moinmoin | moinmoin | 1.2.2 | |
| moinmoin | moinmoin | 1.5.0 | |
| moinmoin | moinmoin | 1.5.1 | |
| moinmoin | moinmoin | 1.5.2 | |
| moinmoin | moinmoin | 1.5.3 | |
| moinmoin | moinmoin | 1.5.3_rc1 | |
| moinmoin | moinmoin | 1.5.3_rc2 | |
| moinmoin | moinmoin | 1.5.4 | |
| moinmoin | moinmoin | 1.5.5 | |
| moinmoin | moinmoin | 1.5.5_rc1 | |
| moinmoin | moinmoin | 1.5.5a | |
| moinmoin | moinmoin | 1.5.6 | |
| moinmoin | moinmoin | 1.5.7 | |
| moinmoin | moinmoin | 1.5.8 | |
| moinmoin | moinmoin | 1.6 | |
| moinmoin | moinmoin | 1.6.0 | |
| moinmoin | moinmoin | 1.6.1 | |
| moinmoin | moinmoin | 1.6.2 | |
| moinmoin | moinmoin | 1.6.3 | |
| moinmoin | moinmoin | 1.7.0 | |
| moinmoin | moinmoin | 1.7.1 | |
| moinmoin | moinmoin | 1.7.2 | |
| moinmoin | moinmoin | 1.7.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF9B689-609F-4BDA-AD95-BB43EA4A436C",
"versionEndIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D2866E-A684-4EB7-A127-5FEC934945E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D41FDF8-B8BD-43D9-8D53-ADCF15F7E16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDC4AB6-39BF-4444-9CFE-B654A19814C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD78CAE-9A9D-40AA-AD1F-C124A8315714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8673FFE8-349E-4412-9913-1145DFA1EC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "24271A6D-21D9-4E8D-997F-0EC132518FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B3072B82-3D5C-46DF-8869-08FAAC5C70DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "93508FCF-7852-4CB9-AD91-AB0FCD61BE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83ACA6-5C3C-46E3-805C-EE1E759B7331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7EF155-C5E0-4473-B635-C551BF3F8EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFA7F26-835B-4454-91A2-1DBB80C53492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D8510-CA34-4E6D-B432-997860C63B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2354B8-9A1A-4E75-92AC-F16CFDF91761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B44C24B-013E-4769-A200-D59752E0A041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8DB90E-BEE5-447E-9F78-A96634343815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84317439-A287-4897-9608-65095860AB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB70477-B0F2-44D6-92A8-0F42F890CF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "013FBB75-8B01-4249-9C6C-5E27964ED2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "361C37DC-CB43-4E6A-A198-313A9D62CD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22F3D66C-3D24-41D0-9E4B-BB458DD5517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4C9F85-C5EF-4991-A005-5839951B9843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "690F09A1-6195-404D-BDC3-5F02A4A201C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C82F62-DFBB-4499-8C6D-27DA49A00F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57003BFE-8FB2-480A-AFA1-63817B608F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23539FCA-FF83-46E5-A9E2-5051D975DC12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10CFA717-B536-46CF-8D96-B850EB4C6F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03FBCD1B-2D05-4C17-B41C-CF8DA75BB05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51DF4CAC-EDD8-4C71-BC77-0F516692B5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB1CAAA6-8D33-4901-88E2-120AB7B4CD53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F89B87E-70F6-4B3C-B684-BE2666342F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33BA7179-8A11-41C1-8F54-AC9316E8330D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59C423EE-D9F5-4570-A5E8-1AA34F05E0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B12CADC-8939-462C-8D40-DD56B13773AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A19C0F96-9054-4DE9-92AD-A9DAF03B4960",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable)."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en action/AttachFile.py en MoinMoin antes de v1.8.1, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante una acci\u00f3n AttachFile a el componente WikiSandBox con los par\u00e1metros (1) rename o (2) drawing (alias la variable basename)."
}
],
"id": "CVE-2009-0260",
"lastModified": "2024-11-21T00:59:28.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-01-23T19:00:05.233",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"source": "cve@mitre.org",
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/51485"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33593"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33716"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33365"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/51485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/33365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2009/dsa-1715"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-14 21:00
Modified
2024-11-21 00:42
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmoin | moinmoin | 1.5.0 | |
| moinmoin | moinmoin | 1.5.1 | |
| moinmoin | moinmoin | 1.5.2 | |
| moinmoin | moinmoin | 1.5.3 | |
| moinmoin | moinmoin | 1.5.3_rc1 | |
| moinmoin | moinmoin | 1.5.3_rc2 | |
| moinmoin | moinmoin | 1.5.4 | |
| moinmoin | moinmoin | 1.5.5 | |
| moinmoin | moinmoin | 1.5.5_rc1 | |
| moinmoin | moinmoin | 1.5.5a | |
| moinmoin | moinmoin | 1.5.6 | |
| moinmoin | moinmoin | 1.5.7 | |
| moinmoin | moinmoin | 1.5.8 | |
| moinmoin | moinmoin | 1.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B44C24B-013E-4769-A200-D59752E0A041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8DB90E-BEE5-447E-9F78-A96634343815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84317439-A287-4897-9608-65095860AB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB70477-B0F2-44D6-92A8-0F42F890CF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "013FBB75-8B01-4249-9C6C-5E27964ED2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "361C37DC-CB43-4E6A-A198-313A9D62CD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22F3D66C-3D24-41D0-9E4B-BB458DD5517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4C9F85-C5EF-4991-A005-5839951B9843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "690F09A1-6195-404D-BDC3-5F02A4A201C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C82F62-DFBB-4499-8C6D-27DA49A00F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57003BFE-8FB2-480A-AFA1-63817B608F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23539FCA-FF83-46E5-A9E2-5051D975DC12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03FBCD1B-2D05-4C17-B41C-CF8DA75BB05D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencia de comandos en sitios cruzados en MoinMoin v1.5.x a la 1.5.8 y 1.6.x anterior a 1.6.1, permite a atacantes remotos ejecutar secuencias de comandos web o HTML a trav\u00e9s de una acci\u00f3n de login."
}
],
"id": "CVE-2008-0780",
"lastModified": "2024-11-21T00:42:53.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-14T21:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28987"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29010"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-28 01:30
Modified
2024-11-21 00:59
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33BA7179-8A11-41C1-8F54-AC9316E8330D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E706F537-8473-4E45-9165-CA502263DC2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la caracter\u00edstica antispam (security/antispam.py) en MoinMoin 1.7 y 1.8.1, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elecci\u00f3n a trav\u00e9s de un contenido rechazado, manipulado."
}
],
"id": "CVE-2009-0312",
"lastModified": "2024-11-21T00:59:36.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-01-28T01:30:03.170",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"
},
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/51632"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33716"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/01/27/4"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/51632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/01/27/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2009/dsa-1715"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-14 21:00
Modified
2024-11-21 00:42
Severity ?
Summary
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmoin | moinmoin | 0.1 | |
| moinmoin | moinmoin | 0.2 | |
| moinmoin | moinmoin | 0.3 | |
| moinmoin | moinmoin | 0.7 | |
| moinmoin | moinmoin | 0.8 | |
| moinmoin | moinmoin | 0.9 | |
| moinmoin | moinmoin | 0.10 | |
| moinmoin | moinmoin | 0.11 | |
| moinmoin | moinmoin | 1.0 | |
| moinmoin | moinmoin | 1.1 | |
| moinmoin | moinmoin | 1.2 | |
| moinmoin | moinmoin | 1.2.1 | |
| moinmoin | moinmoin | 1.2.2 | |
| moinmoin | moinmoin | 1.5.0 | |
| moinmoin | moinmoin | 1.5.1 | |
| moinmoin | moinmoin | 1.5.2 | |
| moinmoin | moinmoin | 1.5.3 | |
| moinmoin | moinmoin | 1.5.3_rc1 | |
| moinmoin | moinmoin | 1.5.3_rc2 | |
| moinmoin | moinmoin | 1.5.4 | |
| moinmoin | moinmoin | 1.5.5 | |
| moinmoin | moinmoin | 1.5.5_rc1 | |
| moinmoin | moinmoin | 1.5.5a | |
| moinmoin | moinmoin | 1.5.6 | |
| moinmoin | moinmoin | 1.5.7 | |
| moinmoin | moinmoin | 1.5.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D2866E-A684-4EB7-A127-5FEC934945E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D41FDF8-B8BD-43D9-8D53-ADCF15F7E16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDC4AB6-39BF-4444-9CFE-B654A19814C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD78CAE-9A9D-40AA-AD1F-C124A8315714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8673FFE8-349E-4412-9913-1145DFA1EC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "24271A6D-21D9-4E8D-997F-0EC132518FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B3072B82-3D5C-46DF-8869-08FAAC5C70DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "93508FCF-7852-4CB9-AD91-AB0FCD61BE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83ACA6-5C3C-46E3-805C-EE1E759B7331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7EF155-C5E0-4473-B635-C551BF3F8EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFA7F26-835B-4454-91A2-1DBB80C53492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D8510-CA34-4E6D-B432-997860C63B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2354B8-9A1A-4E75-92AC-F16CFDF91761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B44C24B-013E-4769-A200-D59752E0A041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8DB90E-BEE5-447E-9F78-A96634343815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84317439-A287-4897-9608-65095860AB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB70477-B0F2-44D6-92A8-0F42F890CF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "013FBB75-8B01-4249-9C6C-5E27964ED2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "361C37DC-CB43-4E6A-A198-313A9D62CD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22F3D66C-3D24-41D0-9E4B-BB458DD5517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4C9F85-C5EF-4991-A005-5839951B9843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "690F09A1-6195-404D-BDC3-5F02A4A201C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C82F62-DFBB-4499-8C6D-27DA49A00F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57003BFE-8FB2-480A-AFA1-63817B608F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23539FCA-FF83-46E5-A9E2-5051D975DC12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en MoinMoin versi\u00f3n 1.5.8 y anteriores, permite a los atacantes remotos sobrescribir archivos arbitrarios por medio de un .. (punto punto) en el ID de usuario MOIN_ID de una cookie para una acci\u00f3n userform. NOTA: este problema puede ser aprovechado para la ejecuci\u00f3n de c\u00f3digo PHP por medio del par\u00e1metro quicklinks."
}
],
"id": "CVE-2008-0782",
"lastModified": "2024-11-21T00:42:53.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-14T21:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29010"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27404"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4957"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-13 20:28
Modified
2024-11-21 00:27
Severity ?
Summary
Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the \"Show debugging information\" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la caracter\u00edstica \"Mostrar informaci\u00f3n de depuraci\u00f3n\" de MoinMoin 1.5.7 permite a atacantes remotos obtener informaci\u00f3n sensible. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se han obtenido de informaci\u00f3n de terceros."
}
],
"id": "CVE-2007-0902",
"lastModified": "2024-11-21T00:27:01.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-13T20:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33173"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24138"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24244"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22515"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-423-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-423-1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-05 20:44
Modified
2024-11-21 00:43
Severity ?
Summary
_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A2FDB5-6C57-43E2-AA1B-D083D93C5679",
"versionEndIncluding": "1.5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages."
},
{
"lang": "es",
"value": "_macro_Getval en wikimacro.py de MoinMoin 1.5.8 y anteriores no hace cumplir correctamente ACLs, lo que permite a atacantes remotos leer p\u00e1ginas protegidas."
}
],
"id": "CVE-2008-1099",
"lastModified": "2024-11-21T00:43:40.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-05T20:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"
},
{
"source": "cve@mitre.org",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30031"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28177"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmoin | moinmoin | 0.1 | |
| moinmoin | moinmoin | 0.2 | |
| moinmoin | moinmoin | 0.3 | |
| moinmoin | moinmoin | 0.7 | |
| moinmoin | moinmoin | 0.8 | |
| moinmoin | moinmoin | 0.9 | |
| moinmoin | moinmoin | 0.10 | |
| moinmoin | moinmoin | 0.11 | |
| moinmoin | moinmoin | 1.0 | |
| moinmoin | moinmoin | 1.1 | |
| moinmoin | moinmoin | 1.2 | |
| moinmoin | moinmoin | 1.2.1 | |
| moinmoin | moinmoin | 1.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D2866E-A684-4EB7-A127-5FEC934945E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D41FDF8-B8BD-43D9-8D53-ADCF15F7E16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDC4AB6-39BF-4444-9CFE-B654A19814C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD78CAE-9A9D-40AA-AD1F-C124A8315714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8673FFE8-349E-4412-9913-1145DFA1EC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "24271A6D-21D9-4E8D-997F-0EC132518FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B3072B82-3D5C-46DF-8869-08FAAC5C70DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "93508FCF-7852-4CB9-AD91-AB0FCD61BE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83ACA6-5C3C-46E3-805C-EE1E759B7331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7EF155-C5E0-4473-B635-C551BF3F8EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFA7F26-835B-4454-91A2-1DBB80C53492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D8510-CA34-4E6D-B432-997860C63B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2354B8-9A1A-4E75-92AC-F16CFDF91761",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete."
}
],
"id": "CVE-2004-1462",
"lastModified": "2024-11-20T23:50:56.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8194"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10805"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16833"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/project/shownotes.php?group_id=8482\u0026release_id=254801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/project/shownotes.php?group_id=8482\u0026release_id=254801"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-13 23:19
Modified
2024-11-21 00:31
Severity ?
Summary
MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ubuntu | ubuntu_linux | 6.06_lts | |
| ubuntu | ubuntu_linux | 6.10 | |
| ubuntu | ubuntu_linux | 7.04 | |
| moinmoin | moinmoin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:*:*:*:*:*:*",
"matchCriteriaId": "B8517E55-4357-4AFD-B571-5533123CB014",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "33904E65-D50D-4EAE-885D-FE2EBF535F18",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A940B9-A553-4A0B-8ECF-52FD26894285",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3DEE5B-FDEA-45E0-9734-E1BF90858A34",
"versionEndIncluding": "1.5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors."
},
{
"lang": "es",
"value": "MoinMoin anterior a 20070507 no impone ACLs para calendarios e inclusiones(includes), lo cual permite a atacantes remotos leer ciertas p\u00e1ginas a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2007-2637",
"lastModified": "2024-11-21T00:31:17.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-13T23:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36269"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25208"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/usn-458-1"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/usn-458-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34474"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-07-27 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7EF155-C5E0-4473-B635-C551BF3F8EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFA7F26-835B-4454-91A2-1DBB80C53492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D8510-CA34-4E6D-B432-997860C63B89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges."
},
{
"lang": "es",
"value": "MoinMoin 1.2.1 y anteiores permite a atacantes remotos ganar privilegios creando un usuario con el mismo nombre de un grupo existente con privilegios mayores."
}
],
"id": "CVE-2004-0708",
"lastModified": "2024-11-20T23:49:13.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-07-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11807"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=948103\u0026group_id=8482\u0026atid=108482"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200407-09.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6704"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10568"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=948103\u0026group_id=8482\u0026atid=108482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200407-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16465"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmoin | moinmoin | 0.1 | |
| moinmoin | moinmoin | 0.2 | |
| moinmoin | moinmoin | 0.3 | |
| moinmoin | moinmoin | 0.7 | |
| moinmoin | moinmoin | 0.8 | |
| moinmoin | moinmoin | 0.9 | |
| moinmoin | moinmoin | 0.10 | |
| moinmoin | moinmoin | 0.11 | |
| moinmoin | moinmoin | 1.0 | |
| moinmoin | moinmoin | 1.1 | |
| moinmoin | moinmoin | 1.2 | |
| moinmoin | moinmoin | 1.2.1 | |
| moinmoin | moinmoin | 1.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D2866E-A684-4EB7-A127-5FEC934945E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D41FDF8-B8BD-43D9-8D53-ADCF15F7E16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDC4AB6-39BF-4444-9CFE-B654A19814C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD78CAE-9A9D-40AA-AD1F-C124A8315714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8673FFE8-349E-4412-9913-1145DFA1EC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "24271A6D-21D9-4E8D-997F-0EC132518FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B3072B82-3D5C-46DF-8869-08FAAC5C70DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "93508FCF-7852-4CB9-AD91-AB0FCD61BE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83ACA6-5C3C-46E3-805C-EE1E759B7331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7EF155-C5E0-4473-B635-C551BF3F8EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFA7F26-835B-4454-91A2-1DBB80C53492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D8510-CA34-4E6D-B432-997860C63B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2354B8-9A1A-4E75-92AC-F16CFDF91761",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact."
}
],
"id": "CVE-2004-1463",
"lastModified": "2024-11-20T23:50:56.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=8482\u0026release_id=254801"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8195"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10801"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=8482\u0026release_id=254801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16832"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-08 18:28
Modified
2024-11-21 00:26
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D5CE63D-3BA7-4B6B-9BC8-A8F395CB8F24",
"versionEndIncluding": "1.5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B44C24B-013E-4769-A200-D59752E0A041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8DB90E-BEE5-447E-9F78-A96634343815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84317439-A287-4897-9608-65095860AB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB70477-B0F2-44D6-92A8-0F42F890CF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "013FBB75-8B01-4249-9C6C-5E27964ED2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "361C37DC-CB43-4E6A-A198-313A9D62CD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22F3D66C-3D24-41D0-9E4B-BB458DD5517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4C9F85-C5EF-4991-A005-5839951B9843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "690F09A1-6195-404D-BDC3-5F02A4A201C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C82F62-DFBB-4499-8C6D-27DA49A00F6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MoinMoin anterior a 1.5.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1) la informaci\u00f3n de la p\u00e1gina, o el nombre de p\u00e1gina en una acci\u00f3n (2) AttachFile, (3) RenamePage, o (4) LocalSiteMap."
}
],
"id": "CVE-2007-0857",
"lastModified": "2024-11-21T00:26:54.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-08T18:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://moinmoin.wikiwikiweb.de/MoinMoinRelease1.5/CHANGES"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/31871"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/31872"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/31873"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24096"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24117"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/31874"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22506"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-421-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0553"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moinmoin.wikiwikiweb.de/MoinMoinRelease1.5/CHANGES"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/31871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/31872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/31873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/31874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-421-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32377"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-02 00:19
Modified
2024-11-21 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en MoinMoin 1.5.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el par\u00e1metro do en una acci\u00f3n AttachFile, una vulnerabilidad diferente que CVE-2007-0857. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles han sido obtenidos solamente de informaci\u00f3n de terceros."
}
],
"id": "CVE-2007-2423",
"lastModified": "2024-11-21T00:30:45.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-05-02T00:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36567"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23676"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/23676.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/23676.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-13 20:28
Modified
2024-11-21 00:27
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Info pages de MoinMoin 1.5.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante los par\u00e1metros (1) hitcounts y (2) general, vectores diferentes que CVE-2007-0857. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se han obtenido de informaci\u00f3n de terceros."
}
],
"id": "CVE-2007-0901",
"lastModified": "2024-11-21T00:27:00.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-13T20:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33172"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24138"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24244"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22515"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-423-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-423-1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-05 20:44
Modified
2024-11-21 00:43
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A2FDB5-6C57-43E2-AA1B-D083D93C5679",
"versionEndIncluding": "1.5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim\u0027s rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MoinMoin 1.5.8 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1) ciertas entradas procesadas por formatter/text_gedit.py (tambi\u00e9n conocido como el gui editor formatter); (2) un nombre de p\u00e1gina, que dispara una inyecci\u00f3n en PageEditor.py cuando la p\u00e1gina se borra exitosamente por una v\u00edctima en una acci\u00f3n DeletePage; (3) el nombre de la p\u00e1gina destino para una acci\u00f3n RenamePage, lo que dispara una inyecci\u00f3n en PageEditor.py cuando un intento de cambiar el nombre de la v\u00edctima falla debido a un nombre duplicado."
}
],
"id": "CVE-2008-1098",
"lastModified": "2024-11-21T00:43:40.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-03-05T20:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"
},
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"
},
{
"source": "cve@mitre.org",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30031"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28173"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-14 21:00
Modified
2024-11-21 00:42
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmoin | moinmoin | 0.1 | |
| moinmoin | moinmoin | 0.2 | |
| moinmoin | moinmoin | 0.3 | |
| moinmoin | moinmoin | 0.7 | |
| moinmoin | moinmoin | 0.8 | |
| moinmoin | moinmoin | 0.9 | |
| moinmoin | moinmoin | 0.10 | |
| moinmoin | moinmoin | 0.11 | |
| moinmoin | moinmoin | 1.0 | |
| moinmoin | moinmoin | 1.1 | |
| moinmoin | moinmoin | 1.2 | |
| moinmoin | moinmoin | 1.2.1 | |
| moinmoin | moinmoin | 1.2.2 | |
| moinmoin | moinmoin | 1.5.0 | |
| moinmoin | moinmoin | 1.5.1 | |
| moinmoin | moinmoin | 1.5.2 | |
| moinmoin | moinmoin | 1.5.3 | |
| moinmoin | moinmoin | 1.5.3_rc1 | |
| moinmoin | moinmoin | 1.5.3_rc2 | |
| moinmoin | moinmoin | 1.5.4 | |
| moinmoin | moinmoin | 1.5.5 | |
| moinmoin | moinmoin | 1.5.5_rc1 | |
| moinmoin | moinmoin | 1.5.5a | |
| moinmoin | moinmoin | 1.5.6 | |
| moinmoin | moinmoin | 1.5.7 | |
| moinmoin | moinmoin | 1.5.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D2866E-A684-4EB7-A127-5FEC934945E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D41FDF8-B8BD-43D9-8D53-ADCF15F7E16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDC4AB6-39BF-4444-9CFE-B654A19814C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD78CAE-9A9D-40AA-AD1F-C124A8315714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8673FFE8-349E-4412-9913-1145DFA1EC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "24271A6D-21D9-4E8D-997F-0EC132518FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B3072B82-3D5C-46DF-8869-08FAAC5C70DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "93508FCF-7852-4CB9-AD91-AB0FCD61BE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83ACA6-5C3C-46E3-805C-EE1E759B7331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7EF155-C5E0-4473-B635-C551BF3F8EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABFA7F26-835B-4454-91A2-1DBB80C53492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C92D8510-CA34-4E6D-B432-997860C63B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2354B8-9A1A-4E75-92AC-F16CFDF91761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B44C24B-013E-4769-A200-D59752E0A041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8DB90E-BEE5-447E-9F78-A96634343815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84317439-A287-4897-9608-65095860AB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB70477-B0F2-44D6-92A8-0F42F890CF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "013FBB75-8B01-4249-9C6C-5E27964ED2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "361C37DC-CB43-4E6A-A198-313A9D62CD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22F3D66C-3D24-41D0-9E4B-BB458DD5517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4C9F85-C5EF-4991-A005-5839951B9843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "690F09A1-6195-404D-BDC3-5F02A4A201C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C82F62-DFBB-4499-8C6D-27DA49A00F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57003BFE-8FB2-480A-AFA1-63817B608F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23539FCA-FF83-46E5-A9E2-5051D975DC12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en action/AttachFile.py de MoinMoin 1.5.8 y anteriores, permiten a atacantes remotos inyectar comandos web o HTML de su elecci\u00f3n mediante (1) message, (2) pagename, y (3) target filenames."
}
],
"id": "CVE-2008-0781",
"lastModified": "2024-11-21T00:42:53.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-14T21:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28987"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29010"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2007-0901
Vulnerability from cvelistv5
Published
2007-02-13 20:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/24138 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/33172 | vdb-entry, x_refsource_OSVDB | |
| http://www.ubuntu.com/usn/usn-423-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/22515 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/24244 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24138"
},
{
"name": "33172",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33172"
},
{
"name": "USN-423-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-423-1"
},
{
"name": "22515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22515"
},
{
"name": "24244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-02-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24138"
},
{
"name": "33172",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33172"
},
{
"name": "USN-423-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-423-1"
},
{
"name": "22515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22515"
},
{
"name": "24244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24244"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24138"
},
{
"name": "33172",
"refsource": "OSVDB",
"url": "http://osvdb.org/33172"
},
{
"name": "USN-423-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-423-1"
},
{
"name": "22515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22515"
},
{
"name": "24244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24244"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0901",
"datePublished": "2007-02-13T20:00:00",
"dateReserved": "2007-02-13T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0782
Vulnerability from cvelistv5
Published
2008-02-14 20:00
Modified
2024-08-07 07:54
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29010"
},
{
"name": "20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
},
{
"name": "moinmoin-readme-file-overwrite(39837)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
},
{
"name": "4957",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4957"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "27404",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27404"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29010"
},
{
"name": "20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
},
{
"name": "moinmoin-readme-file-overwrite(39837)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
},
{
"name": "4957",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4957"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "27404",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27404"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630"
},
{
"name": "29010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29010"
},
{
"name": "20080124 MoinMoin 1.5.x MOIND_ID cookie Bug Remote Exploit",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-January/001890.html"
},
{
"name": "moinmoin-readme-file-overwrite(39837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39837"
},
{
"name": "4957",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4957"
},
{
"name": "ADV-2008-0569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "27404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27404"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0782",
"datePublished": "2008-02-14T20:00:00",
"dateReserved": "2008-02-14T00:00:00",
"dateUpdated": "2024-08-07T07:54:23.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1462
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
EPSS score ?
Summary
Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16833 | vdb-entry, x_refsource_XF | |
| http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/10805 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/displayvuln.php?osvdb_id=8194 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/project/shownotes.php?group_id=8482\u0026release_id=254801"
},
{
"name": "moinmoin-acl-gain-privileges(16833)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16833"
},
{
"name": "GLSA-200408-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml"
},
{
"name": "10805",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10805"
},
{
"name": "8194",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8194"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/project/shownotes.php?group_id=8482\u0026release_id=254801"
},
{
"name": "moinmoin-acl-gain-privileges(16833)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16833"
},
{
"name": "GLSA-200408-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml"
},
{
"name": "10805",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10805"
},
{
"name": "8194",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8194"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/project/shownotes.php?group_id=8482\u0026release_id=254801",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/project/shownotes.php?group_id=8482\u0026release_id=254801"
},
{
"name": "moinmoin-acl-gain-privileges(16833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16833"
},
{
"name": "GLSA-200408-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml"
},
{
"name": "10805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10805"
},
{
"name": "8194",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8194"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1462",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2637
Vulnerability from cvelistv5
Published
2007-05-13 23:00
Modified
2024-08-07 13:49
Severity ?
EPSS score ?
Summary
MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/36269 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/29262 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/25208 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34474 | vdb-entry, x_refsource_XF | |
| http://www.ubuntu.com/usn/usn-458-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.debian.org/security/2008/dsa-1514 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:56.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36269"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "25208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25208"
},
{
"name": "moinmoin-acl-information-disclosure(34474)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34474"
},
{
"name": "USN-458-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-458-1"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36269",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36269"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "25208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25208"
},
{
"name": "moinmoin-acl-information-disclosure(34474)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34474"
},
{
"name": "USN-458-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-458-1"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36269",
"refsource": "OSVDB",
"url": "http://osvdb.org/36269"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "25208",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25208"
},
{
"name": "moinmoin-acl-information-disclosure(34474)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34474"
},
{
"name": "USN-458-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-458-1"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2637",
"datePublished": "2007-05-13T23:00:00",
"dateReserved": "2007-05-13T00:00:00",
"dateUpdated": "2024-08-07T13:49:56.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1937
Vulnerability from cvelistv5
Published
2008-04-24 18:00
Modified
2024-08-07 08:41
Severity ?
EPSS score ?
Summary
The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://moinmo.in/SecurityFixes | x_refsource_CONFIRM | |
| http://security.gentoo.org/glsa/glsa-200805-09.xml | vendor-advisory, x_refsource_GENTOO | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41909 | vdb-entry, x_refsource_XF | |
| http://hg.moinmo.in/moin/1.6/rev/f405012e67af | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/1307/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30160 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/28869 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/29894 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "GLSA-200805-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-09.xml"
},
{
"name": "moinmoin-userform-security-bypass(41909)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41909"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af"
},
{
"name": "ADV-2008-1307",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1307/references"
},
{
"name": "30160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30160"
},
{
"name": "28869",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28869"
},
{
"name": "29894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "GLSA-200805-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-09.xml"
},
{
"name": "moinmoin-userform-security-bypass(41909)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41909"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af"
},
{
"name": "ADV-2008-1307",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1307/references"
},
{
"name": "30160",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30160"
},
{
"name": "28869",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28869"
},
{
"name": "29894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29894"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "GLSA-200805-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-09.xml"
},
{
"name": "moinmoin-userform-security-bypass(41909)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41909"
},
{
"name": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.6/rev/f405012e67af"
},
{
"name": "ADV-2008-1307",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1307/references"
},
{
"name": "30160",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30160"
},
{
"name": "28869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28869"
},
{
"name": "29894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29894"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1937",
"datePublished": "2008-04-24T18:00:00",
"dateReserved": "2008-04-24T00:00:00",
"dateUpdated": "2024-08-07T08:41:00.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2423
Vulnerability from cvelistv5
Published
2007-05-02 00:00
Modified
2024-08-07 13:33
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/29262 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/36567 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/data/vulnerabilities/exploits/23676.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/23676 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2008/dsa-1514 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:29.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "36567",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36567"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/23676.html"
},
{
"name": "23676",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23676"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-12T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "36567",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36567"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/23676.html"
},
{
"name": "23676",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23676"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "36567",
"refsource": "OSVDB",
"url": "http://osvdb.org/36567"
},
{
"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/23676.html",
"refsource": "MISC",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/23676.html"
},
{
"name": "23676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23676"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2423",
"datePublished": "2007-05-02T00:00:00",
"dateReserved": "2007-05-01T00:00:00",
"dateUpdated": "2024-08-07T13:33:29.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3381
Vulnerability from cvelistv5
Published
2008-07-30 18:00
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/31135 | third-party-advisory, x_refsource_SECUNIA | |
| http://moinmo.in/SecurityFixes | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/2147/references | vdb-entry, x_refsource_VUPEN | |
| http://hg.moinmo.in/moin/1.7/rev/383196922b03 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43899 | vdb-entry, x_refsource_XF | |
| http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/30297 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31135"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2008-2147",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2147/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/383196922b03"
},
{
"name": "moinmoin-advancedsearch-xss(43899)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58"
},
{
"name": "30297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31135"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2008-2147",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2147/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/383196922b03"
},
{
"name": "moinmoin-advancedsearch-xss(43899)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58"
},
{
"name": "30297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31135"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2008-2147",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2147/references"
},
{
"name": "http://hg.moinmo.in/moin/1.7/rev/383196922b03",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.7/rev/383196922b03"
},
{
"name": "moinmoin-advancedsearch-xss(43899)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43899"
},
{
"name": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58"
},
{
"name": "30297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3381",
"datePublished": "2008-07-30T18:00:00",
"dateReserved": "2008-07-30T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0780
Vulnerability from cvelistv5
Published
2008-02-14 20:00
Modified
2024-08-07 07:54
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"name": "FEDORA-2008-1880",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27904"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"name": "FEDORA-2008-1880",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27904"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29010"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=432747",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7"
},
{
"name": "FEDORA-2008-1880",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0780",
"datePublished": "2008-02-14T20:00:00",
"dateReserved": "2008-02-14T00:00:00",
"dateUpdated": "2024-08-07T07:54:23.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0708
Vulnerability from cvelistv5
Published
2004-07-21 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.gentoo.org/security/en/glsa/glsa-200407-09.xml | vendor-advisory, x_refsource_GENTOO | |
| http://sourceforge.net/tracker/index.php?func=detail&aid=948103&group_id=8482&atid=108482 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16465 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/11807 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/10568 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/6704 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:27.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200407-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200407-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=948103\u0026group_id=8482\u0026atid=108482"
},
{
"name": "moinmoin-gain-admin-access(16465)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16465"
},
{
"name": "11807",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11807"
},
{
"name": "10568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10568"
},
{
"name": "6704",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6704"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200407-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200407-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=948103\u0026group_id=8482\u0026atid=108482"
},
{
"name": "moinmoin-gain-admin-access(16465)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16465"
},
{
"name": "11807",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11807"
},
{
"name": "10568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10568"
},
{
"name": "6704",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6704"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200407-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200407-09.xml"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=948103\u0026group_id=8482\u0026atid=108482",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=948103\u0026group_id=8482\u0026atid=108482"
},
{
"name": "moinmoin-gain-admin-access(16465)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16465"
},
{
"name": "11807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11807"
},
{
"name": "10568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10568"
},
{
"name": "6704",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6704"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0708",
"datePublished": "2004-07-21T04:00:00",
"dateReserved": "2004-07-20T00:00:00",
"dateUpdated": "2024-08-08T00:24:27.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1099
Vulnerability from cvelistv5
Published
2008-03-05 20:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "28177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28177"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "moinmoin-macrogetval-information-disclosure(41038)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"
},
{
"name": "FEDORA-2008-3328",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "28177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28177"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "moinmoin-macrogetval-information-disclosure(41038)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"
},
{
"name": "FEDORA-2008-3328",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "28177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28177"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "moinmoin-macrogetval-information-disclosure(41038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"
},
{
"name": "FEDORA-2008-3328",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1099",
"datePublished": "2008-03-05T20:00:00",
"dateReserved": "2008-02-28T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1098
Vulnerability from cvelistv5
Published
2008-03-05 20:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "FEDORA-2008-3328",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-multiple-actions-xss(41037)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"
},
{
"name": "28173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28173"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim\u0027s rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "FEDORA-2008-3328",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-multiple-actions-xss(41037)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"
},
{
"name": "28173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28173"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim\u0027s rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30031"
},
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "FEDORA-2008-3328",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"
},
{
"name": "FEDORA-2008-3301",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-multiple-actions-xss(41037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"
},
{
"name": "28173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28173"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1098",
"datePublished": "2008-03-05T20:00:00",
"dateReserved": "2008-02-28T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1463
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
EPSS score ?
Summary
Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/displayvuln.php?osvdb_id=8195 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/10801 | vdb-entry, x_refsource_BID | |
| http://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801 | x_refsource_CONFIRM | |
| http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml | vendor-advisory, x_refsource_GENTOO | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16832 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:24.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8195",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8195"
},
{
"name": "10801",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10801"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=8482\u0026release_id=254801"
},
{
"name": "GLSA-200408-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml"
},
{
"name": "moinmoin-pageeditor-gain-privilege(16832)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16832"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8195",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8195"
},
{
"name": "10801",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10801"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=8482\u0026release_id=254801"
},
{
"name": "GLSA-200408-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml"
},
{
"name": "moinmoin-pageeditor-gain-privilege(16832)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16832"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8195",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8195"
},
{
"name": "10801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10801"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=8482\u0026release_id=254801",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=8482\u0026release_id=254801"
},
{
"name": "GLSA-200408-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml"
},
{
"name": "moinmoin-pageeditor-gain-privilege(16832)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16832"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1463",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:24.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1482
Vulnerability from cvelistv5
Published
2009-04-29 18:06
Modified
2024-08-07 05:13
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50356 | vdb-entry, x_refsource_XF | |
| http://moinmo.in/SecurityFixes | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/1119 | vdb-entry, x_refsource_VUPEN | |
| http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/34631 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/35024 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/34945 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2009/dsa-1791 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/34821 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ubuntu.com/usn/USN-774-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "moinmoin-errormsg-xss(50356)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2009-1119",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1119"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1"
},
{
"name": "34631",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34631"
},
{
"name": "35024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35024"
},
{
"name": "34945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34945"
},
{
"name": "DSA-1791",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1791"
},
{
"name": "34821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34821"
},
{
"name": "USN-774-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-774-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "moinmoin-errormsg-xss(50356)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2009-1119",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1119"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1"
},
{
"name": "34631",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34631"
},
{
"name": "35024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35024"
},
{
"name": "34945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34945"
},
{
"name": "DSA-1791",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1791"
},
{
"name": "34821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34821"
},
{
"name": "USN-774-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-774-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "moinmoin-errormsg-xss(50356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "ADV-2009-1119",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1119"
},
{
"name": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1"
},
{
"name": "34631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34631"
},
{
"name": "35024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35024"
},
{
"name": "34945",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34945"
},
{
"name": "DSA-1791",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1791"
},
{
"name": "34821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34821"
},
{
"name": "USN-774-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-774-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1482",
"datePublished": "2009-04-29T18:06:00",
"dateReserved": "2009-04-29T00:00:00",
"dateUpdated": "2024-08-07T05:13:25.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0902
Vulnerability from cvelistv5
Published
2007-02-13 20:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/24138 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ubuntu.com/usn/usn-423-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://osvdb.org/33173 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/22515 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/24244 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24138"
},
{
"name": "USN-423-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-423-1"
},
{
"name": "33173",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33173"
},
{
"name": "22515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22515"
},
{
"name": "24244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the \"Show debugging information\" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-02-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24138"
},
{
"name": "USN-423-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-423-1"
},
{
"name": "33173",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33173"
},
{
"name": "22515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22515"
},
{
"name": "24244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24244"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the \"Show debugging information\" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24138"
},
{
"name": "USN-423-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-423-1"
},
{
"name": "33173",
"refsource": "OSVDB",
"url": "http://osvdb.org/33173"
},
{
"name": "22515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22515"
},
{
"name": "24244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24244"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0902",
"datePublished": "2007-02-13T20:00:00",
"dateReserved": "2007-02-13T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0857
Vulnerability from cvelistv5
Published
2007-02-08 18:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32377 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/22506 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/31874 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/31873 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/24096 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/31871 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2007/0553 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/24117 | third-party-advisory, x_refsource_SECUNIA | |
| http://moinmoin.wikiwikiweb.de/MoinMoinRelease1.5/CHANGES | x_refsource_CONFIRM | |
| http://osvdb.org/31872 | vdb-entry, x_refsource_OSVDB | |
| http://www.ubuntu.com/usn/usn-421-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "moinmoin-pageinfo-pagename-xss(32377)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32377"
},
{
"name": "22506",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22506"
},
{
"name": "31874",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/31874"
},
{
"name": "31873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/31873"
},
{
"name": "24096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24096"
},
{
"name": "31871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/31871"
},
{
"name": "ADV-2007-0553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0553"
},
{
"name": "24117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24117"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmoin.wikiwikiweb.de/MoinMoinRelease1.5/CHANGES"
},
{
"name": "31872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/31872"
},
{
"name": "USN-421-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-421-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "moinmoin-pageinfo-pagename-xss(32377)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32377"
},
{
"name": "22506",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22506"
},
{
"name": "31874",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/31874"
},
{
"name": "31873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/31873"
},
{
"name": "24096",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24096"
},
{
"name": "31871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/31871"
},
{
"name": "ADV-2007-0553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0553"
},
{
"name": "24117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24117"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmoin.wikiwikiweb.de/MoinMoinRelease1.5/CHANGES"
},
{
"name": "31872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/31872"
},
{
"name": "USN-421-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-421-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "moinmoin-pageinfo-pagename-xss(32377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32377"
},
{
"name": "22506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22506"
},
{
"name": "31874",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31874"
},
{
"name": "31873",
"refsource": "OSVDB",
"url": "http://osvdb.org/31873"
},
{
"name": "24096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24096"
},
{
"name": "31871",
"refsource": "OSVDB",
"url": "http://osvdb.org/31871"
},
{
"name": "ADV-2007-0553",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0553"
},
{
"name": "24117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24117"
},
{
"name": "http://moinmoin.wikiwikiweb.de/MoinMoinRelease1.5/CHANGES",
"refsource": "CONFIRM",
"url": "http://moinmoin.wikiwikiweb.de/MoinMoinRelease1.5/CHANGES"
},
{
"name": "31872",
"refsource": "OSVDB",
"url": "http://osvdb.org/31872"
},
{
"name": "USN-421-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-421-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0857",
"datePublished": "2007-02-08T18:00:00",
"dateReserved": "2007-02-08T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0781
Vulnerability from cvelistv5
Published
2008-02-14 20:00
Modified
2024-08-07 07:54
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:23.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29010"
},
{
"name": "FEDORA-2008-1880",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29010"
},
{
"name": "FEDORA-2008-1880",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748"
},
{
"name": "29444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "GLSA-200803-27",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"
},
{
"name": "29262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29262"
},
{
"name": "29010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29010"
},
{
"name": "FEDORA-2008-1880",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html"
},
{
"name": "28987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28987"
},
{
"name": "ADV-2008-0569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0569/references"
},
{
"name": "27904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27904"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=432748",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432748"
},
{
"name": "29444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29444"
},
{
"name": "FEDORA-2008-1905",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html"
},
{
"name": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "DSA-1514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0781",
"datePublished": "2008-02-14T20:00:00",
"dateReserved": "2008-02-14T00:00:00",
"dateUpdated": "2024-08-07T07:54:23.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0260
Vulnerability from cvelistv5
Published
2009-01-23 18:38
Modified
2024-08-07 04:24
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33593 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/33755 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2009/0195 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/33716 | third-party-advisory, x_refsource_SECUNIA | |
| http://moinmo.in/SecurityFixes#moin1.8.1 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/33365 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/51485 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/500197/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48126 | vdb-entry, x_refsource_XF | |
| https://www.debian.org/security/2009/dsa-1715 | vendor-advisory, x_refsource_DEBIAN | |
| https://usn.ubuntu.com/716-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33593"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "ADV-2009-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"name": "33716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33716"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "33365",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33365"
},
{
"name": "51485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51485"
},
{
"name": "20090120 MoinMoin Wiki Engine XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"name": "moinmoin-attachfilepy-xss(48126)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"name": "DSA-1715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33593"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"name": "ADV-2009-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"name": "33716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33716"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "33365",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33365"
},
{
"name": "51485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51485"
},
{
"name": "20090120 MoinMoin Wiki Engine XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"name": "moinmoin-attachfilepy-xss(48126)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"name": "DSA-1715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33593"
},
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "ADV-2009-0195",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"name": "33716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33716"
},
{
"name": "http://moinmo.in/SecurityFixes#moin1.8.1",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "33365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33365"
},
{
"name": "51485",
"refsource": "OSVDB",
"url": "http://osvdb.org/51485"
},
{
"name": "20090120 MoinMoin Wiki Engine XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"name": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"name": "moinmoin-attachfilepy-xss(48126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"name": "DSA-1715",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0260",
"datePublished": "2009-01-23T18:38:00",
"dateReserved": "2009-01-23T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0312
Vulnerability from cvelistv5
Published
2009-01-28 01:00
Modified
2024-08-07 04:31
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.
References
| ▼ | URL | Tags |
|---|---|---|
| http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad | x_refsource_CONFIRM | |
| http://secunia.com/advisories/33755 | third-party-advisory, x_refsource_SECUNIA | |
| http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad | x_refsource_CONFIRM | |
| http://secunia.com/advisories/33716 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/51632 | vdb-entry, x_refsource_OSVDB | |
| http://moinmo.in/SecurityFixes#moin1.8.1 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2009/01/27/4 | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2009/dsa-1715 | vendor-advisory, x_refsource_DEBIAN | |
| https://usn.ubuntu.com/716-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48306 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:25.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"
},
{
"name": "33716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33716"
},
{
"name": "51632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51632"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "[oss-security] 20090127 CVE Request: MoinMoin",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/27/4"
},
{
"name": "DSA-1715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-antispam-xss(48306)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"
},
{
"name": "33755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"
},
{
"name": "33716",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33716"
},
{
"name": "51632",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51632"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "[oss-security] 20090127 CVE Request: MoinMoin",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/01/27/4"
},
{
"name": "DSA-1715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-antispam-xss(48306)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"
},
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"
},
{
"name": "33716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33716"
},
{
"name": "51632",
"refsource": "OSVDB",
"url": "http://osvdb.org/51632"
},
{
"name": "http://moinmo.in/SecurityFixes#moin1.8.1",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "[oss-security] 20090127 CVE Request: MoinMoin",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/01/27/4"
},
{
"name": "DSA-1715",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
},
{
"name": "moinmoin-antispam-xss(48306)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0312",
"datePublished": "2009-01-28T01:00:00",
"dateReserved": "2009-01-27T00:00:00",
"dateUpdated": "2024-08-07T04:31:25.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}