Summary
This host is running MoinMoin Wiki and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow attackers to execute arbitrary scripting code.
Impact Level: Application
Solution
Upgrade to MoinMoin Wiki 1.9.2-3 or the latest version.
For updates refer to http://moinmo.in/MoinMoinDownload
Insight
Input passed via the 'page' name is not properly sanitised before being returned to the user in 'Despam.py'. This can be exploited to insert arbitrary HTML and script code when the Despam functionality is used on a page with a specially crafted page name.
Affected
MoinMoin Wiki versions 1.8.7 and 1.9.2
References
Severity
Classification
- CVE: CVE-2010-0828
- CVSS Base Score: 3.5
- CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N