CVE-2010-2487 – moin

Package

Manager: pip
Name: moin
Vulnerable Version: >=0 <=1.7.3 || >=1.8.0 <1.8.8 || >=1.9.0 <1.9.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.01289 pctl0.78883

Details

MoinMoin Cross-site Scripting (XSS) vulnerability Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) `Page.py`, (2) `PageEditor.py`, (3) `PageGraphicalEditor.py`, (4) `action/CopyPage.py`, (5) `action/Load.py`, (6) `action/RenamePage.py`, (7) `action/backup.py`, (8) `action/login.py`, (9) `action/newaccount.py`, and (10) `action/recoverpass.py`.

Metadata

Created: 2022-05-17T05:49:23Z
Modified: 2024-09-26T14:50:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5m2m-27cg-7v4v/GHSA-5m2m-27cg-7v4v.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-5m2m-27cg-7v4v
Finding: F425
Auto approve: 1