Skip to content

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

Moderate severity GitHub Reviewed Published May 2, 2022 to the GitHub Advisory Database • Updated May 14, 2024

Package

pip moin (pip)

Affected versions

< 1.8.1

Patched versions

1.8.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).

References

Published by the National Vulnerability Database Jan 23, 2009
Published to the GitHub Advisory Database May 2, 2022
Reviewed May 14, 2024
Last updated May 14, 2024

Severity

Moderate

Weaknesses

CVE ID

CVE-2009-0260

GHSA ID

GHSA-7hjm-hqgj-xv9f

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.