PYSEC-2009-6

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2009-6.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2009-6

Aliases

Published

2009-04-29T18:30:00Z

Modified

2024-04-29T12:56:25.996829Z

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the errormsg function or (2) multiple vectors related to package file errors in the uploadform function, different vectors than CVE-2009-0260.

References

Affected packages

PyPI / moin

Package

Name: moin; View open source insights on deps.dev
Purl: pkg:pypi/moin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.3

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2009-6.yaml"