CVE-2007-0901 – moin

Package

Manager: pip
Name: moin
Vulnerable Version: >=0 <1.5.8

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00428 pctl0.61613

Details

MoinMoin Cross-Site Scripting (XSS) vulnerability via hitcounts and general parameters Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Metadata

Created: 2022-05-01T17:47:55Z
Modified: 2023-10-17T13:39:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9gj2-ph57-56f5/GHSA-9gj2-ph57-56f5.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9gj2-ph57-56f5
Finding: F008
Auto approve: 1