CVE-2010-2487

MEDIUM6.1EPSS 1.3%

moin - cross-site scripting

發布日:2022/5/17修改日:2026/3/9

描述

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.

受影響套件(3)

Debian/moinfrom 0, < 1.7.1-3+lenny5
PyPI/moinfrom 0, <= 1.7.3
PyPI/moin>= 1.8, < 1.8.8, >= 1.9, < 1.9.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(22)

ADVISORYhttp://secunia.com/advisories/40836
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-2487
ADVISORYhttp://www.vupen.com/english/advisories/2010/1981
PATCHhttps://github.com/moinwiki/moin
WEBhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809
WEBhttp://hg.moinmo.in/moin/1.7/rev/37306fba2189
WEBhttp://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES
WEBhttp://hg.moinmo.in/moin/1.8/rev/4238b0c90871
WEBhttp://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES
WEBhttp://hg.moinmo.in/moin/1.9/rev/68ba3cc79513
WEBhttp://hg.moinmo.in/moin/1.9/rev/e50b087c4572
WEBhttp://marc.info/?l=oss-security&m=127799369406968&w=2
WEBhttp://marc.info/?l=oss-security&m=127809682420259&w=2
WEBhttp://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
WEBhttp://moinmo.in/MoinMoinRelease1.8
WEBhttp://moinmo.in/MoinMoinRelease1.9
WEBhttp://moinmo.in/SecurityFixes
WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-16.yaml
WEBhttps://web.archive.org/web/20140801154518/http://secunia.com/advisories/40836
WEBhttps://web.archive.org/web/20200228150629/http://www.securityfocus.com/bid/40549
WEBhttp://www.debian.org/security/2010/dsa-2083
WEBhttp://www.securityfocus.com/bid/40549