CVE-2009-0260
published 2009-01-23
CVE-2009-0260: Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or…
Priority: P422, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 5.44% (91.7th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
Affected
41 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | — | — |
| moinmoin | moinmoin | <= 1.8.2 | — |
| moinmoin | moinmoin | <= 1.8.0 | — |
| moinmoin | moinmoin | — | — |
CVSS provenance
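| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v2.0) | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| ghsa | 4.3 | MEDIUM | — |
| osv | 4.3 | MEDIUM | — |
| vendor_redhat | 4.3 | MEDIUM | — |
| vendor_ubuntu | 4.3 | MEDIUM | — |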
GHSA
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
ghsa·2022-05-02
CVE-2009-0260 [MEDIUM] CWE-79 MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in `action/AttachFile.py` in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
OSV
MoinMoin Cross-site Scripting (XSS) vulnerability
osv·2022-05-02·CVSS 4.3
CVE-2009-1482 [MEDIUM] MoinMoin Cross-site Scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in `action/AttachFile.py` in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the `error_msg` function or (2) multiple vectors related to package file errors in the `upload_form` function, different vectors than CVE-2009-0260.
GHSA
MoinMoin Cross-site Scripting (XSS) vulnerability
ghsa·2022-05-02·CVSS 4.3
CVE-2009-1482 [MEDIUM] CWE-79 MoinMoin Cross-site Scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in `action/AttachFile.py` in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the `error_msg` function or (2) multiple vectors related to package file errors in the `upload_form` function, different vectors than CVE-2009-0260.
OSV
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
osv·2022-05-02
CVE-2009-0260 [MEDIUM] MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in `action/AttachFile.py` in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
OSV
CVE-2009-1482: Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile
osv·2009-04-29·CVSS 4.3
CVE-2009-1482 [MEDIUM] CVE-2009-1482: Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
OSV
CVE-2009-0260: Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile
osv·2009-01-23·CVSS 4.3
CVE-2009-0260 [MEDIUM] CVE-2009-0260: Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
Red Hat
moin: XSS in AttachFile.py
vendor_redhat·2009-04-18·CVSS 4.3
CVE-2009-1482 [MEDIUM] CWE-79 moin: XSS in AttachFile.py
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
Ubuntu
MoinMoin vulnerabilities
vendor_ubuntu·2009-01-30·CVSS 4.3
CVE-2008-1098 [MEDIUM] MoinMoin vulnerabilities
Title: MoinMoin vulnerabilities
Summary: MoinMoin vulnerabilities
Fernando Quintero discovered that MoinMoin did not properly sanitize its
input when processing login requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal confidential data,
within the same domain. This issue affected Ubuntu 7.10 and 8.04 LTS.
(CVE-2008-0780)
Fernando Quintero discovered that MoinMoin did not properly sanitize its input
when attaching files, resulting in cross-site scripting vulnerabilities. This
issue affected Ubuntu 6.06 LTS, 7.10 and 8.04 LTS. (CVE-2008-0781)
It was discovered that MoinMoin did n
Red Hat
moin: tachFile XSS issues
vendor_redhat·CVSS 4.3
CVE-2009-0260 [MEDIUM] CWE-79 moin: tachFile XSS issues
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
No detection rules found.
Bugzilla
CVE-2009-1482 moin: XSS in AttachFile.py
bugzilla·2009-04-29·CVSS 4.3
CVE-2009-1482 [MEDIUM] CVE-2009-1482 moin: XSS in AttachFile.py
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1482 to
the following vulnerability:
Name: CVE-2009-1482
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1482
Assigned: 20090429
Reference: CONFIRM: http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1
Reference: CONFIRM: http://moinmo.in/SecurityFixes
Reference: BID:34631
Reference: URL: http://www.securityfocus.com/bid/34631
Reference: SECUNIA:34821
Reference: URL: http://secunia.com/advisories/34821
Reference: VUPEN:ADV-2009-1119
Reference: URL: http://www.vupen.com/english/advisories/2009/1119
Multiple cross-site scripting (XSS) vulnerabilities in
action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote
attackers to inject arbitrary web script or HTML via (1) an
Bugzilla
CVE-2009-0260 moin: tachFile XSS issues
bugzilla·2009-01-26·CVSS 4.3
CVE-2009-0260 [MEDIUM] CVE-2009-0260 moin: tachFile XSS issues
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0260 to the following vulnerability:
Multiple cross-site scripting (XSS) vulnerabilities in
action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers
to inject arbitrary web script or HTML via an AttachFile action to the
WikiSandBox component with (1) the rename parameter or (2) the drawing
parameter (aka the basename variable).
Fixed upstream in 1.7.3 and 1.8.1.
Upstream patch (1.7.x and 1.8.x):
http://hg.moinmo.in/moin/1.7/rev/8cb4d34ccbc1
http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1
References:
http://moinmo.in/SecurityFixes#moin1.8.1
http://www.securityfocus.com/archive/1/archive/1/500197/100/0/threaded
http://www.securityfocus.com/bid/33365
http://secunia.com/a
http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1
http://moinmo.in/SecurityFixes#moin1.8.1
http://osvdb.org/51485
http://secunia.com/advisories/33593
http://secunia.com/advisories/33716
http://secunia.com/advisories/33755
http://www.securityfocus.com/archive/1/500197/100/0/threaded
http://www.securityfocus.com/bid/33365
http://www.vupen.com/english/advisories/2009/0195
https://exchange.xforce.ibmcloud.com/vulnerabilities/48126
https://usn.ubuntu.com/716-1/
https://www.debian.org/security/2009/dsa-1715
Published: 2009-01-23