CVE-2017-5934
MEDIUM 6.1
EPSS 0.65%
Moderate severity vulnerability that affects moin
Published: 2019/1/4
Modified: 2024/9/27
Description
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected packages (4)
- Debian/moin: from 0, < 1.9.8-1+deb8u2
- Debian/moin: from 0, < 1.9.9-1+deb9u1
- PyPI/moin: from 0, < 1.9.10
- PyPI/moin: from 0, < 70955a8eae091cc88fd9a6e510177e70289ec024 | from 0, < 1.9.10
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (11)
- ADVISORY: https://github.com/advisories/GHSA-42fp-4hm3-j8r7
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2017-5934
- PATCH: https://github.com/moinwiki/moin-1.9
- WEB: http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html
- WEB: http://moinmo.in/SecurityFixes
- WEB: https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2018-47.yaml
- WEB: https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html
- WEB: https://usn.ubuntu.com/3794-1
- WEB: https://usn.ubuntu.com/3794-1/
- WEB: https://www.debian.org/security/2018/dsa-4318