GHSA-8fj9-pj4p-4vq7

Suggest an improvement
Source
https://github.com/advisories/GHSA-8fj9-pj4p-4vq7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8fj9-pj4p-4vq7/GHSA-8fj9-pj4p-4vq7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8fj9-pj4p-4vq7
Aliases
  • CVE-2008-1098
Published
2022-05-01T23:36:32Z
Modified
2024-05-19T02:24:36.538415Z
Summary
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Details

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780. The issue has been fixed on d0152eeb4499 and 4ede07e792dd.

Database specific 
{
    "nvd_published_at": "2008-03-05T20:44:00Z",
    "github_reviewed_at": "2024-05-14T20:41:34Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true
}
References

Affected packages

PyPI / moin

Package

Name
moin
View open source insights on deps.dev
Purl
pkg:pypi/moin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.5.8