CVE-2009-0260 – moin

Package

Manager: pip
Name: moin
Vulnerable Version: >=0 <1.8.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.03091 pctl0.86273

Details

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in `action/AttachFile.py` in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).

Metadata

Created: 2022-05-02T03:13:51Z
Modified: 2024-05-14T20:41:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7hjm-hqgj-xv9f/GHSA-7hjm-hqgj-xv9f.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-7hjm-hqgj-xv9f
Finding: F425
Auto approve: 1