CVE-2008-1098 - CVE Reference - Advisories

CVE Reference: CVE-2008-1098

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1098

Description: Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41037 SAID Secunia Advisory: SA29262 Secunia Advisory: SA29444 Secunia Advisory: SA30031 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1514 CONFIRM http://moinmo.in/SecurityFixes http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499 http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd BID 28173

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Linux Kernel LDT Buffer Size Handling Vulnerability

2.	OpenBSD BIND Query Port DNS Cache Poisoning

3.	Drupal Session Fixation Vulnerability

4.	Advanced Poll Multiple Vulnerabilities

5.	PHP Classifieds "catid" and "catid_search" SQL Injection Vulnerability

6.	Ubuntu update for php

7.	Apple Safari Cross-Domain Cookie Injection Vulnerability

8.	Red Hat update for kernel

9.	Debian update for xulrunner

10.	Slackware update for dnsmasq