[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-0828Date: (C)2010-04-05   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.5
Exploit Score: 6.8
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-39110
SECUNIA-39188
SECUNIA-39190
SECUNIA-39267
SECUNIA-39284
ADV-2010-0767
ADV-2010-0831
ADV-2010-0834
DSA-2024
FEDORA-2010-6012
FEDORA-2010-6134
FEDORA-2010-6180
USN-925-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995
http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca
https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022
https://bugzilla.redhat.com/show_bug.cgi?id=578801
moinmoin-despam-xss(57435)

CPE    2
cpe:/a:moinmo:moinmoin:1.9.2
cpe:/a:moinmo:moinmoin:1.8.7
CWE    1
CWE-79
OVAL    7
oval:org.secpod.oval:def:100545
oval:org.secpod.oval:def:100230
oval:org.secpod.oval:def:100823
oval:org.secpod.oval:def:700023
...

© SecPod Technologies