QwikSec

Security Database

CVE

CWE

Training

CVE-2008-1098

Published: Mar 5, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_SECUNIA

http://moinmo.in/SecurityFixes

x_refsource_CONFIRM

FEDORA-2008-3328

vendor-advisory

x_refsource_FEDORA

FEDORA-2008-3301

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

moinmoin-multiple-actions-xss(41037)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_DEBIAN

http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.