CVE-2010-0828
Published 2010-04-05
Priority P4 · 13 · low · 3.5 (CVSS 2.0)
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS: 2.24% (80.7th percentile)
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
CVSS provenance
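| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | — | 3.5 | LOW | — |
| vendor_redhat | — | 3.5 | LOW | — |
| vendor_ubuntu | — | 3.5 | LOW | — |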
VulDB
MoinMo MoinMoin 1.8.7/1.9.2 cross site scripting (Nessus ID 45396 / ID 195079)
vuldb·2026-05-05·CVSS 3.5
CVE-2010-0828 [LOW] MoinMo MoinMoin 1.8.7/1.9.2 cross site scripting (Nessus ID 45396 / ID 195079)
A vulnerability was found in MoinMo MoinMoin 1.8.7/1.9.2. It has been declared as problematic. The impacted element is an unknown function. Executing a manipulation can lead to cross site scripting.
This vulnerability is handled as CVE-2010-0828. The attack can be executed remotely. There is not any exploit available.
GHSA
MoinMoin Cross-site Scripting (XSS) vulnerability
ghsa·2022-05-02
CVE-2010-0828 [MEDIUM] CWE-79 MoinMoin Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in `action/Despam.py` in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
OSV
MoinMoin Cross-site Scripting (XSS) vulnerability
osv·2022-05-02
CVE-2010-0828 [MEDIUM] MoinMoin Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in `action/Despam.py` in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
OSV
CVE-2010-0828: Cross-site scripting (XSS) vulnerability in action/Despam
osv·2010-04-05·CVSS 3.5
CVE-2010-0828 [LOW] CVE-2010-0828: Cross-site scripting (XSS) vulnerability in action/Despam
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
Ubuntu
MoinMoin vulnerabilities
vendor_ubuntu·2010-04-08·CVSS 3.5
CVE-2010-0828 [LOW] MoinMoin vulnerabilities
Title: MoinMoin vulnerabilities
Summary: MoinMoin vulnerabilities
It was discovered that MoinMoin did not properly sanitize its input when
processing Despam actions, resulting in cross-site scripting (XSS)
vulnerabilities. If a privileged wiki user were tricked into performing
the Despam action on a page with a crafted title, a remote attacker could
exploit this to execute JavaScript code. (CVE-2010-0828)
It was discovered that the TextCha protection in MoinMoin could be bypassed
by submitting a crafted form request. This issue only affected Ubuntu 8.10.
(CVE-2010-1238)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
Moin v1.8.7 / v.1.9.2 -- XSS in Despam action
vendor_redhat·2010-03-30·CVSS 3.5
CVE-2010-0828 [LOW] CWE-79 Moin v1.8.7 / v.1.9.2 -- XSS in Despam action
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-2487 moin: Multiple XSS issues
bugzilla·2010-06-07·CVSS 4.3
CVE-2010-2487 [MEDIUM] CVE-2010-2487 moin: Multiple XSS issues
A possible reflected cross-site scripting attack was discovered in Moin [1]. An attacker able to cause a user to follow a specially crafted malicious link may be able to recover session identifiers or exploit browser vulnerabilities, due to a vulnerable template parameter. The upstream bug report links to patches to correct the flaw.
[1] http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
Discussion:
Created moin tracking bugs for this issue
Affects: fedora-all [bug 601400]
---
moin-1.8.8-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/moin-1.8.8-1.fc12
---
moin-1.8.8-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/moin-1.8.8-1.fc11
---
mo
Bugzilla
CVE-2010-0828 Moin v1.8.7 / v.1.9.2 -- XSS in Despam action [Fedora all]
bugzilla·2010-04-01·CVSS 3.5
CVE-2010-0828 [LOW] CVE-2010-0828 Moin v1.8.7 / v.1.9.2 -- XSS in Despam action [Fedora all]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.
For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in "Blocks" field.
bug #578801:
CVE-2010-0828 Moin v1.8.7 / v.1.9.2 -- XSS in Despam action
When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=578801
Please note: this issue affects multiple supported
Bugzilla
CVE-2010-0828 Moin v1.8.7 / v.1.9.2 -- XSS in Despam action
bugzilla·2010-04-01·CVSS 3.5
CVE-2010-0828 [LOW] CVE-2010-0828 Moin v1.8.7 / v.1.9.2 -- XSS in Despam action
Jamie Strandboge of the Ubuntu Security Team reported:
[1] https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022
a cross-site scripting (XSS) flaw, present in Moin's Despam
action module, which provides the possibility to mass revert changes done
by some specific author / bot. An unprivileged Moin user could provide
a specially-crafted HTML page and trick the privileged user into
running the Despam action on it, leading to disclosure of sensitive
information, denial of 'revert changes service' or potentially,
to execution of arbitrary JavaScript code with the privileges
of the privileged Moin user.
References:
[2] http://moinmo.in/SecurityFixes
[3] http://secunia.com/advisories/39188/
Upstream patch:
[4] http://hg.moinmo.in/moin/
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995
http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html
http://secunia.com/advisories/39188
http://secunia.com/advisories/39190
http://secunia.com/advisories/39267
http://secunia.com/advisories/39284
http://www.debian.org/security/2010/dsa-2024
http://www.securityfocus.com/bid/39110
http://www.ubuntu.com/usn/USN-925-1
http://www.vupen.com/english/advisories/2010/0767
http://www.vupen.com/english/advisories/2010/0831
http://www.vupen.com/english/advisories/2010/0834
https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022
https://bugzilla.redhat.com/show_bug.cgi?id=578801
https://exchange.xforce.ibmcloud.com/vulnerabilities/57435