CVE-2010-2487
Published: 5 August 2010
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
moin Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.2-1ubuntu2.7)
|
| hardy |
Released
(1.5.8-5.1ubuntu2.5)
|
|
| jaunty |
Released
(1.8.2-2ubuntu2.5)
|
|
| karmic |
Released
(1.8.4-1ubuntu1.3)
|
|
| lucid |
Released
(1.9.2-2ubuntu3.1)
|
|
| upstream |
Released
(1.9.3)
|
|
|
Patches: upstream: http://hg.moinmo.in/moin/1.7/rev/37306fba2189 upstream: http://hg.moinmo.in/moin/1.7/rev/f8871116c6b3 upstream: http://hg.moinmo.in/moin/1.8/rev/4238b0c90871 upstream: http://hg.moinmo.in/moin/1.8/rev/bb27a4b9dfe3 upstream: http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513 upstream: http://hg.moinmo.in/moin/1.9/rev/4fe9951788cb upstream: http://hg.moinmo.in/moin/1.9/rev/e50b087c4572 upstream: http://hg.moinmo.in/moin/1.9/rev/60fde500cbc2 upstream: http://hg.moinmo.in/moin/1.9/rev/282ff1a50c4d |
||