CVE-2012-6082 — Cross-site Scripting in Moinmoin

CWE-79 — Cross-site Scripting7 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 38.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moinmo Moinmoin

Timeline

PublishedJan 3

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmoinmo/moinmoin1.9.5

Patches

Patch: hg.moinmo.in ↗Patch: hg.moinmo.in ↗

🔴Vulnerability Details

GHSA

MoinMoin Cross-site scripting (XSS) vulnerability↗2022-05-17

▶

OSV

MoinMoin Cross-site scripting (XSS) vulnerability↗2022-05-17

▶

OSV

CVE-2012-6082: Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__↗2013-01-03

▶

💬Community

Bugzilla

CVE-2012-6082 moinmoin: Wiki (XSS in rss link)↗2012-12-31

▶

Bugzilla

CVE-2012-6081 CVE-2012-6082 CVE-2012-6080 CVE-2012-6495 moin various flaws [epel-5]↗2012-12-31

▶

Bugzilla

CVE-2012-6081 CVE-2012-6082 CVE-2012-6080 CVE-2012-6495 moin various flaws [fedora-all]↗2012-12-31

▶