CVE-2008-0781

Published: Feb 14, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.

Affected (26)

Products: Moinmoin: Moinmoin

1 product

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Moinmoin Moinmoin	Version 0.10
Moinmoin Moinmoin	Version 0.11
Moinmoin Moinmoin	Version 0.1
Moinmoin Moinmoin	Version 0.2
Moinmoin Moinmoin	Version 0.3
Moinmoin Moinmoin	Version 0.7
Moinmoin Moinmoin	Version 0.8
Moinmoin Moinmoin	Version 0.9
Moinmoin Moinmoin	Version 1.0
Moinmoin Moinmoin	Version 1.1
Moinmoin Moinmoin	Version 1.2.1
Moinmoin Moinmoin	Version 1.2.2
Moinmoin Moinmoin	Version 1.2
Moinmoin Moinmoin	Version 1.5.0
Moinmoin Moinmoin	Version 1.5.1
Moinmoin Moinmoin	Version 1.5.2
Moinmoin Moinmoin	Version 1.5.3
Moinmoin Moinmoin	Version 1.5.3_rc1
Moinmoin Moinmoin	Version 1.5.3_rc2
Moinmoin Moinmoin	Version 1.5.4
Moinmoin Moinmoin	Version 1.5.5
Moinmoin Moinmoin	Version 1.5.5_rc1
Moinmoin Moinmoin	Version 1.5.5a
Moinmoin Moinmoin	Version 1.5.6
Moinmoin Moinmoin	Version 1.5.7
Moinmoin Moinmoin	Version 1.5.8

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (28)

http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef

Source: cve@mitre.org

http://secunia.com/advisories/28987

Source: cve@mitre.org

http://secunia.com/advisories/29010

Source: cve@mitre.org

http://secunia.com/advisories/29262

Source: cve@mitre.org

http://secunia.com/advisories/29444

Source: cve@mitre.org

http://secunia.com/advisories/33755

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1514

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml

Source: cve@mitre.org

http://www.securityfocus.com/bid/27904

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0569/references

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=432748

Source: cve@mitre.org

https://usn.ubuntu.com/716-1/

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html

Source: cve@mitre.org

http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28987

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29010

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29262

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29444

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33755

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1514

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/27904

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/0569/references

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=432748

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/716-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.