MoinMoin 'PageEditor.py' Cross-Site Scripting Vulnerability Network Vulnerability

Summary

MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. MoinMoin 1.9.2 and prior are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://moinmo.in/
http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
https://www.securityfocus.com/bid/40549

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2487, CVE-2010-2969, CVE-2010-2970

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

3Com NBX VoIP NetSet Detection
Apache Tomcat TroubleShooter Servlet Installed
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
An Image Gallery Multiple Cross-Site Scripting Vulnerability
APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability

Take action and discover your vulnerabilities