DSA-1514 moin -- several vulnerabilitiesID: oval:org.mitre.oval:def:7891 | Date: (C)2009-12-15 (M)2021-06-06 |
Class: PATCH | Family: unix |
Several remote vulnerabilities have been discovered in MoinMoin, a Python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems: A cross-site-scripting vulnerability has been discovered in attachment handling. Access control lists for calendars and includes were insufficiently enforced, which could lead to information disclosure. A cross-site-scripting vulnerability has been discovered in the login code. A cross-site-scripting vulnerability has been discovered in attachment handling. A directory traversal vulnerability in cookie handling could lead to local denial of service by overwriting files. Cross-site-scripting vulnerabilities have been discovered in the GUI editor formatter and the code to delete pages. The macro code validates access control lists insufficiently, which could lead to information disclosure.