all things security
Showing 1 - 3 of 3 RSS Feed

CVE-2010-2487

Status Candidate

Overview

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.

Related Files

Gentoo Linux Security Advisory 201210-02
Posted Oct 18, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201210-2 - Multiple vulnerabilities have been found in MoinMoin, the worst of which allowing for injection of arbitrary web script or HTML. Versions less than 1.9.4 are affected.

tags | advisory, web, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-0668, CVE-2010-0669, CVE-2010-0717, CVE-2010-0828, CVE-2010-1238, CVE-2010-2487, CVE-2010-2969, CVE-2010-2970, CVE-2011-1058
MD5 | 57f1eecbded9ebbb366d5872d69c0c7e
Ubuntu Security Notice 977-1
Posted Aug 26, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 977-1 - It was discovered that MoinMoin did not properly sanitize its input, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2010-2487, CVE-2010-2969, CVE-2010-2970
MD5 | f68f3a58fdfc97baf2600337ecdae858
Debian Linux Security Advisory 2083-1
Posted Aug 3, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2083-1 - It was discovered that moin, a python clone of WikiWiki, does not sufficiently sanitize parameters when passing them to the add_msg function. This allows a remote attackers to conduct cross-site scripting (XSS) attacks for example via the template parameter.

tags | advisory, remote, xss, python
systems | linux, debian
advisories | CVE-2010-2487
MD5 | 3a876caa5a629a043bc0f63ac67c032c
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close