Showing 1 - 3 of 3

CVE-2010-2487

Status Candidate

Overview

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.

Related Files

Gentoo Linux Security Advisory 201210-02: Posted Oct 18, 2012; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201210-2 - Multiple vulnerabilities have been found in MoinMoin, the worst of which allowing for injection of arbitrary web script or HTML. Versions less than 1.9.4 are affected.; tags | advisory, web, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2010-0668, CVE-2010-0669, CVE-2010-0717, CVE-2010-0828, CVE-2010-1238, CVE-2010-2487, CVE-2010-2969, CVE-2010-2970, CVE-2011-1058; SHA-256 | 4d9ba6abefcc507c2eba4d1f87ee9899d2416f5a1e5e306c72af993453e5bf78; Download | Favorite | View

Ubuntu Security Notice 977-1: Posted Aug 26, 2010; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 977-1 - It was discovered that MoinMoin did not properly sanitize its input, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.; tags | advisory, remote, vulnerability, xss; systems | linux, ubuntu; advisories | CVE-2010-2487, CVE-2010-2969, CVE-2010-2970; SHA-256 | f538172b30fc98a58580052fdd4fd67f69c60186f5886f382b323b4806770858; Download | Favorite | View

Debian Linux Security Advisory 2083-1: Posted Aug 3, 2010; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2083-1 - It was discovered that moin, a python clone of WikiWiki, does not sufficiently sanitize parameters when passing them to the add_msg function. This allows a remote attackers to conduct cross-site scripting (XSS) attacks for example via the template parameter.; tags | advisory, remote, xss, python; systems | linux, debian; advisories | CVE-2010-2487; SHA-256 | 395457bc601af50ef38ae224c858e76317ecb2a7e7548e8412a6fb7969093f8c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 285 files
Ubuntu 67 files
Debian 24 files
LiquidWorm 11 files
Valentin Lobstein 10 files
nu11secur1ty 7 files
Milad Karimi 5 files
Google Security Research 4 files
tmrswrr 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,025)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,485)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,706)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,394)
UnixWare (187)
Windows (6,653)
Other

CVE-2010-2487

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems