CVE-2010-0669
Published 2010-02-26
CVE-2010-0669: MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.
Priority: P429 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.90% (77.1th percentile)
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | <= 1.8.6 | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
vendor_ubuntu · 6.8 MEDIUM
Ubuntu
MoinMoin vulnerabilities
vendor_ubuntu·2010-03-11·CVSS 6.8
CVE-2010-0668 [MEDIUM] MoinMoin vulnerabilities
It was discovered that several wiki actions and preference settings in MoinMoin were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into MoinMoin, a remote attacker could change the user's configuration or wiki content. (CVE-2010-0668, CVE-2010-0717)
It was discovered that MoinMoin did not properly sanitize its input when processing user preferences. An attacker could enter malicious content which when viewed by a user, could render in unexpected ways. (CVE-2010-0669)
Instructions: In general, a standard system upgrade is sufficient to effect the necessary changes.
Red Hat
Moin: Security fixes in v1.8.7, v1.9.2
vendor_redhat·2010-02-01·CVSS 7.5
CVE-2010-0669 [HIGH] Moin: Security fixes in v1.8.7, v1.9.2
MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.
GHSA
MoinMoin improper sanitizes user profiles
ghsa·2022-05-02
CVE-2010-0669 [HIGH] MoinMoin improper sanitizes user profiles
MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.
OSV
MoinMoin improper sanitizes user profiles
osv·2022-05-02
CVE-2010-0669 [HIGH] MoinMoin improper sanitizes user profiles
MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.
OSV
CVE-2010-0669: MoinMoin before 1
osv·2010-02-26
CVE-2010-0669 CVE-2010-0669: MoinMoin before 1
MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-2487 moin: Multiple XSS issues
bugzilla·2010-06-07·CVSS 4.3
CVE-2010-2487 [MEDIUM] CVE-2010-2487 moin: Multiple XSS issues
A possible reflected cross-site scripting attack was discovered in Moin [1]. An attacker able to cause a user to follow a specially crafted malicious link may be able to recover session identifiers or exploit browser vulnerabilities, due to a vulnerable template parameter. The upstream bug report links to patches to correct the flaw.
[1] http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
Discussion:
Created moin tracking bugs for this issue
Affects: fedora-all [bug 601400]
---
moin-1.8.8-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/moin-1.8.8-1.fc12
---
moin-1.8.8-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/moin-1.8.8-1.fc11
---
mo
Bugzilla
CVE-2010-0668 CVE-2010-0669 CVE-2010-0717 Moin: Security fixes in v1.8.7, v1.9.2
bugzilla·2010-02-15·CVSS 6.8
CVE-2010-0668 [MEDIUM] CVE-2010-0668 CVE-2010-0669 CVE-2010-0717 Moin: Security fixes in v1.8.7, v1.9.2
Multiple security issues have been reported in Moin:
[1] http://moinmo.in/SecurityFixes
[2] http://secunia.com/advisories/38444/
Upstream Moin v1.8.7 version was released:
[3] http://moinmo.in/
Addressing "major security issues in miscellaneous
parts of moin.":
[4] http://moinmo.in/MoinMoinRelease1.8
[5] http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES
CVE Request:
[6] http://www.openwall.com/lists/oss-security/2010/02/15/2
Other references:
[7] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975
As mentioned in [7]:
" 2) it's not just a single patch,
it is quite much, you don't want to apply them
manually. if you need it now, do a repo checkout
and you'll have 1.9.2pre kind of"
Discussion:
http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES
http://moinmo.in/MoinMoinRelease1.8
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/38444
http://secunia.com/advisories/38903
http://www.debian.org/security/2010/dsa-2014
http://www.openwall.com/lists/oss-security/2010/02/15/2
http://www.openwall.com/lists/oss-security/2010/02/15/4
http://www.openwall.com/lists/oss-security/2010/02/21/2
http://www.securityfocus.com/bid/38023
http://www.vupen.com/english/advisories/2010/0600
Published: 2010-02-26