CVE-2010-0828
MEDIUM5.4EPSS 0.56%moin - cross-site scripting
Published: 5/2/2022Modified: 6/4/2024
Description
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
Affected packages (4)
- Debian/moinfrom 0, < 1.9.2-3
- Debian/moinfrom 0, < 1.7.1-3+lenny4
- PyPI/moin>= 1.9.0, < 1.9.3
- PyPI/moinfrom 0, < 1.9.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
References (32)
- ADVISORYhttp://secunia.com/advisories/39188
- ADVISORYhttp://secunia.com/advisories/39190
- ADVISORYhttp://secunia.com/advisories/39267
- ADVISORYhttp://secunia.com/advisories/39284
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-0828
- ADVISORYhttp://www.debian.org/security/2010/dsa-2024
- ADVISORYhttp://www.ubuntu.com/usn/USN-925-1
- ADVISORYhttp://www.vupen.com/english/advisories/2010/0767
- ADVISORYhttp://www.vupen.com/english/advisories/2010/0831
- ADVISORYhttp://www.vupen.com/english/advisories/2010/0834
- PATCHhttps://github.com/moinwiki/moin
- WEBhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995
- WEBhttp://hg.moinmo.in/moin/1.9/rev/6e603e5411ca
- WEBhttp://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html
- WEBhttp://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html
- WEBhttp://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html
- WEBhttps://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=578801
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/57435
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-28.yaml
- WEBhttps://web.archive.org/web/20151017002542/http://secunia.com/advisories/39284
- WEBhttps://web.archive.org/web/20151017033127/http://secunia.com/advisories/39267
- WEBhttps://web.archive.org/web/20151017033557/http://secunia.com/advisories/39190
- WEBhttps://web.archive.org/web/20151104183344/http://secunia.com/advisories/39188
- WEBhttps://web.archive.org/web/20200228163431/http://www.securityfocus.com/bid/39110
- WEBhttps://web.archive.org/web/20200228163432/http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca
- WEBhttps://web.archive.org/web/20220927220946/http://hg.moinmo.in/moin/1.9/rev/689e2b04bd4d
- WEBhttps://web.archive.org/web/20221003055226/http://hg.moinmo.in/moin/1.9/rev/788131dd21c3
- WEBhttps://web.archive.org/web/20221025223621/http://hg.moinmo.in/moin/1.8
- WEBhttps://www.debian.org/security/2010/dsa-2024
- WEBhttps://www.ubuntu.com/usn/USN-925-1
- WEBhttp://www.securityfocus.com/bid/39110