Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-1098
Last Modified 05 Feb 2009 01:38:44
Published 05 Mar 2008 03:44:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1098

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.

Vulnerable Systems

Application

  • MoinMoin 1.5.8


References

UBUNTU - USN-716-1

SECUNIA - 33755

CONFIRM - http://moinmo.in/SecurityFixes

CONFIRM - http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499

CONFIRM - http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd

FEDORA - FEDORA-2008-3328

FEDORA - FEDORA-2008-3301

XF - moinmoin-multiple-actions-xss(41037)

BID - 28173

GENTOO - GLSA-200803-27

DEBIAN - DSA-1514

SECUNIA - 30031

SECUNIA - 29444

SECUNIA - 29262


Last Updated: 27 May 2016 10:47:01