CVE-2009-1482
Published 2009-04-29
CVE-2009-1482: Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script…
Priority: P4 · 16 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 2.48% (82.6th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
Affected
40 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | — | — |
| moinmoin | moinmoin | <= 1.8.2 | — |
| moinmoin | moinmoin | — | — |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
ghsa · 4.3 · MEDIUM
osv · 4.3 · MEDIUM
vendor_redhat · 4.3 · MEDIUM
OSV
MoinMoin Cross-site Scripting (XSS) vulnerability
osv·2022-05-02·CVSS 4.3
CVE-2009-1482 [MEDIUM] MoinMoin Cross-site Scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in `action/AttachFile.py` in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the `error_msg` function or (2) multiple vectors related to package file errors in the `upload_form` function, different vectors than CVE-2009-0260.
GHSA
MoinMoin Cross-site Scripting (XSS) vulnerability
ghsa·2022-05-02·CVSS 4.3
CVE-2009-1482 [MEDIUM] CWE-79 MoinMoin Cross-site Scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in `action/AttachFile.py` in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the `error_msg` function or (2) multiple vectors related to package file errors in the `upload_form` function, different vectors than CVE-2009-0260.
OSV
CVE-2009-1482: Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile
osv·2009-04-29·CVSS 4.3
CVE-2009-1482 [MEDIUM] CVE-2009-1482: Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
Ubuntu
MoinMoin vulnerability
vendor_ubuntu·2009-05-11
CVE-2009-1482 MoinMoin vulnerability
Title: MoinMoin vulnerability
Summary: MoinMoin vulnerability
It was discovered that MoinMoin did not properly sanitize its input when
attaching files, resulting in cross-site scripting (XSS) vulnerabilities.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing server output during a crafted server request, a remote attacker
could exploit this to modify the contents, or steal confidential data,
within the same domain.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
moin: XSS in AttachFile.py
vendor_redhat·2009-04-18·CVSS 4.3
CVE-2009-1482 [MEDIUM] CWE-79 moin: XSS in AttachFile.py
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
No detection rules found.
No public exploits indexed.
http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/34821
http://secunia.com/advisories/34945
http://secunia.com/advisories/35024
http://www.debian.org/security/2009/dsa-1791
http://www.securityfocus.com/bid/34631
http://www.ubuntu.com/usn/USN-774-1
http://www.vupen.com/english/advisories/2009/1119
https://exchange.xforce.ibmcloud.com/vulnerabilities/50356
Published: 2009-04-29