CVE-2007-2423

描述

Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

如何修補 CVE-2007-2423

要修補 CVE-2007-2423,請將受影響套件升級到下列已修補版本。

• Debian/moin—升級至 1.5.7-3 或更新版本
• Debian/moin—升級至 1.5.3-1.2etch1 或更新版本

CVE-2007-2423 正在被利用嗎?

低 — EPSS 為 5.0%,目前沒有觀察到大規模利用活動。

受影響套件(2)

• from 0, < 1.5.7-3
• from 0, < 1.5.3-1.2etch1

參考連結(5)

• ADVISORYsecunia.com/advisories/29262
• ADVISORYwww.debian.org/security/2008/dsa-1514
• EXPLOITwww.securityfocus.com/bid/23676
• WEBosvdb.org/36567
• WEBwww.securityfocus.com/data/vulnerabilities/exploits/23676.html