CVE-2009-1482 — Cross-site Scripting in Moinmoin

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.7%

top 17.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moinmoin Moinmo Moinmoin

Timeline

PublishedApr 29

Latest updateMay 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmoinmoin/moinmoin1.8.2+38

▶NVDmoinmo/moinmoin1.6.1

Patches

Patch: moinmo.in ↗Patch: moinmo.in ↗

🔴Vulnerability Details

OSV

MoinMoin Cross-site Scripting (XSS) vulnerability↗2022-05-02

▶

GHSA

MoinMoin Cross-site Scripting (XSS) vulnerability↗2022-05-02

▶

OSV

CVE-2009-1482: Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile↗2009-04-29

▶

📋Vendor Advisories

Ubuntu

MoinMoin vulnerability↗2009-05-11

▶

Red Hat

moin: XSS in AttachFile.py↗2009-04-18

▶

💬Community

Bugzilla

CVE-2009-1482 moin: XSS in AttachFile.py↗2009-04-29

▶