Showing 1 - 3 of 3

CVE-2011-1058

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.

Related Files

Gentoo Linux Security Advisory 201210-02: Posted Oct 18, 2012; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201210-2 - Multiple vulnerabilities have been found in MoinMoin, the worst of which allowing for injection of arbitrary web script or HTML. Versions less than 1.9.4 are affected.; tags | advisory, web, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2010-0668, CVE-2010-0669, CVE-2010-0717, CVE-2010-0828, CVE-2010-1238, CVE-2010-2487, CVE-2010-2969, CVE-2010-2970, CVE-2011-1058; SHA-256 | 4d9ba6abefcc507c2eba4d1f87ee9899d2416f5a1e5e306c72af993453e5bf78; Download | Favorite | View

Ubuntu Security Notice USN-1604-1: Posted Oct 11, 2012; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1604-1 - It was discovered that MoinMoin did not properly sanitize certain input, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. It was discovered that MoinMoin incorrectly handled group names that contain virtual group names such as "All", "Known" or "Trusted". This could result in a remote user having incorrect permissions. Various other issues were also addressed.; tags | advisory, remote, vulnerability, xss; systems | linux, ubuntu; advisories | CVE-2011-1058, CVE-2012-4404, CVE-2011-1058, CVE-2012-4404; SHA-256 | 1ce16fbb6c9076312138ad64f4db209f2248fb9791187ad08e0fd105cc3c207a; Download | Favorite | View

Debian Security Advisory 2321-1: Posted Oct 10, 2011; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2321-1 - A cross-site scriping vulnerability was discovered in the rst parser of Moin, a Python clone of WikiWiki.; tags | advisory, python; systems | linux, debian; advisories | CVE-2011-1058; SHA-256 | 8c0f1a089dabbb44312a9f61dfd8a3a6c5421bd634428c589dcce8b37b4b49b9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2011-1058

Overview

Related Files

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems