CVE-2008-1098 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1098
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1098

Description: Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41037 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-716-1 SAID Secunia Advisory: SA29262 Secunia Advisory: SA29444 Secunia Advisory: SA30031 Secunia Advisory: SA33755 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1514 CONFIRM http://moinmo.in/SecurityFixes http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499 http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd BID 28173

Return to the previous page.