CVE-2017-5934 — Cross-site Scripting in Moinmoin

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.7%

top 29.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moinmo Moinmoin Canonical Ubuntu Linux Debian Linux +1 more

Timeline

PublishedOct 15

Latest updateJan 4

Description

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDmoinmo/moinmoin< 1.9.10

▶NVDopensuse/leap15.0, 42.3+1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Moderate severity vulnerability that affects moin↗2019-01-04

▶

OSV

Moderate severity vulnerability that affects moin↗2019-01-04

▶

OSV

CVE-2017-5934: Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1↗2018-10-15

▶

📋Vendor Advisories

Ubuntu

MoinMoin vulnerability↗2018-10-16

▶