CVE-2010-2970
published 2010-08-05CVE-2010-2970: Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
2.53%
82.9th percentile
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
ghsa4.3MEDIUM
osv4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
MoinMoin vulnerabilities
vendor_ubuntu·2010-08-25
CVE-2010-2487 MoinMoin vulnerabilities
Title: MoinMoin vulnerabilities
It was discovered that MoinMoin did not properly sanitize its input,
resulting in cross-site scripting (XSS) vulnerabilities. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same
domain.
Instructions: In general, a standard system update will make all the necessary changes.
GHSA
MoinMoin cross-site scripting (XSS) vulnerability
ghsa·2022-05-17·CVSS 4.3
CVE-2010-2970 [MEDIUM] CWE-79 MoinMoin cross-site scripting (XSS) vulnerability
MoinMoin cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.
OSV
MoinMoin cross-site scripting (XSS) vulnerability
osv·2022-05-17·CVSS 4.3
CVE-2010-2970 [MEDIUM] MoinMoin cross-site scripting (XSS) vulnerability
MoinMoin cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.
OSV
CVE-2010-2970: Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1
osv·2010-08-05·CVSS 4.3
CVE-2010-2970 [MEDIUM] CVE-2010-2970: Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGEShttp://hg.moinmo.in/moin/1.9/rev/4fe9951788cbhttp://hg.moinmo.in/moin/1.9/rev/e50b087c4572http://marc.info/?l=oss-security&m=127799369406968&w=2http://marc.info/?l=oss-security&m=127809682420259&w=2http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsghttp://moinmo.in/MoinMoinRelease1.9http://moinmo.in/SecurityFixeshttp://secunia.com/advisories/40836http://www.debian.org/security/2010/dsa-2083http://www.securityfocus.com/bid/40549http://www.vupen.com/english/advisories/2010/1981http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGEShttp://hg.moinmo.in/moin/1.9/rev/4fe9951788cbhttp://hg.moinmo.in/moin/1.9/rev/e50b087c4572http://marc.info/?l=oss-security&m=127799369406968&w=2http://marc.info/?l=oss-security&m=127809682420259&w=2http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsghttp://moinmo.in/MoinMoinRelease1.9http://moinmo.in/SecurityFixeshttp://secunia.com/advisories/40836http://www.debian.org/security/2010/dsa-2083http://www.securityfocus.com/bid/40549http://www.vupen.com/english/advisories/2010/1981
2010-08-05
Published