CVE-2010-2487
Published 2010-08-05
CVE-2010-2487: Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject…
Priority: P4 · 17 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 2.66% (83.8th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
Affected
54 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | <= 1.7.3 | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
ghsa · 4.3 MEDIUM
osv · 4.3 MEDIUM
GHSA
MoinMoin Cross-site Scripting (XSS) vulnerability
ghsa·2022-05-17
CVE-2010-2487 [MEDIUM] CWE-79 MoinMoin Cross-site Scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) `Page.py`, (2) `PageEditor.py`, (3) `PageGraphicalEditor.py`, (4) `action/CopyPage.py`, (5) `action/Load.py`, (6) `action/RenamePage.py`, (7) `action/backup.py`, (8) `action/login.py`, (9) `action/newaccount.py`, and (10) `action/recoverpass.py`.
GHSA
MoinMoin cross-site scripting (XSS) vulnerability
ghsa·2022-05-17·CVSS 4.3
CVE-2010-2969 [MEDIUM] CWE-79 MoinMoin cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.
OSV
MoinMoin cross-site scripting (XSS) vulnerability
osv·2022-05-17·CVSS 4.3
CVE-2010-2969 [MEDIUM] MoinMoin cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.
GHSA
MoinMoin cross-site scripting (XSS) vulnerability
ghsa·2022-05-17·CVSS 4.3
CVE-2010-2970 [MEDIUM] CWE-79 MoinMoin cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.
OSV
MoinMoin Cross-site Scripting (XSS) vulnerability
osv·2022-05-17
CVE-2010-2487 [MEDIUM] MoinMoin Cross-site Scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) `Page.py`, (2) `PageEditor.py`, (3) `PageGraphicalEditor.py`, (4) `action/CopyPage.py`, (5) `action/Load.py`, (6) `action/RenamePage.py`, (7) `action/backup.py`, (8) `action/login.py`, (9) `action/newaccount.py`, and (10) `action/recoverpass.py`.
OSV
MoinMoin cross-site scripting (XSS) vulnerability
osv·2022-05-17·CVSS 4.3
CVE-2010-2970 [MEDIUM] MoinMoin cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.
OSV
CVE-2010-2969: Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1
osv·2010-08-05·CVSS 4.3
CVE-2010-2969 [MEDIUM] CVE-2010-2969: Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.
OSV
CVE-2010-2487: Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1
osv·2010-08-05
CVE-2010-2487 CVE-2010-2487: Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
OSV
CVE-2010-2970: Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1
osv·2010-08-05·CVSS 4.3
CVE-2010-2970 [MEDIUM] CVE-2010-2970: Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.
Ubuntu
MoinMoin vulnerabilities
vendor_ubuntu·2010-08-25
CVE-2010-2487 MoinMoin vulnerabilities
Title: MoinMoin vulnerabilities
It was discovered that MoinMoin did not properly sanitize its input,
resulting in cross-site scripting (XSS) vulnerabilities. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same
domain.
Instructions: In general, a standard system update will make all the necessary changes.
No detection rules found.
No public exploits indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809
http://hg.moinmo.in/moin/1.7/rev/37306fba2189
http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES
http://hg.moinmo.in/moin/1.8/rev/4238b0c90871
http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES
http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513
http://hg.moinmo.in/moin/1.9/rev/e50b087c4572
http://marc.info/?l=oss-security&m=127799369406968&w=2
http://marc.info/?l=oss-security&m=127809682420259&w=2
http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
http://moinmo.in/MoinMoinRelease1.8
http://moinmo.in/MoinMoinRelease1.9
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/40836
http://www.debian.org/security/2010/dsa-2083
http://www.securityfocus.com/bid/40549
http://www.vupen.com/english/advisories/2010/1981
Published: 2010-08-05