CVE-2008-0780

Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7
http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d
http://secunia.com/advisories/28987
http://secunia.com/advisories/29010
http://secunia.com/advisories/29262
http://secunia.com/advisories/29444
http://secunia.com/advisories/33755
http://www.debian.org/security/2008/dsa-1514
http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml
http://www.securityfocus.com/bid/27904
http://www.vupen.com/english/advisories/2008/0569/references
https://bugzilla.redhat.com/show_bug.cgi?id=432747
https://usn.ubuntu.com/716-1/
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moinmoin:moinmoin:1.5.0:::::::*
	cpe:2.3:a:moinmoin:moinmoin:1.5.1:::::::*
	cpe:2.3:a:moinmoin:moinmoin:1.5.2:::::::*
	cpe:2.3:a:moinmoin:moinmoin:1.5.3:::::::*
	cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:::::::*
	cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:::::::*
	cpe:2.3:a:moinmoin:moinmoin:1.5.4:::::::*
	cpe:2.3:a:moinmoin:moinmoin:1.5.5:::::::*
	cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:::::::*
	cpe:2.3:a:moinmoin:moinmoin:1.5.5a:::::::*
	cpe:2.3:a:moinmoin:moinmoin:1.5.6:::::::*
	cpe:2.3:a:moinmoin:moinmoin:1.5.7:::::::*
	cpe:2.3:a:moinmoin:moinmoin:1.5.8:::::::*
	cpe:2.3:a:moinmoin:moinmoin:1.6.0:::::::*

History

No history.

Information

Published : 2008-02-14 21:00

Updated : 2024-02-04 17:13

NVD link : CVE-2008-0780

Mitre link : CVE-2008-0780

CVE.ORG link : CVE-2008-0780

JSON object : View

Products Affected

moinmoin

moinmoin

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2008-0780", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-02-14T21:00:00.000", "references": [{"url": "http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7", "source": "cve@mitre.org"}, {"url": "http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28987", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29010", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29262", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29444", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33755", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2008/dsa-1514", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27904", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0569/references", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432747", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/716-1/", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00726.html", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00752.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action."}, {"lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados en MoinMoin v1.5.x a la 1.5.8 y 1.6.x anterior a 1.6.1, permite a atacantes remotos ejecutar secuencias de comandos web o HTML a trav\u00e9s de una acci\u00f3n de login."}], "lastModified": "2018-10-03T21:53:16.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B44C24B-013E-4769-A200-D59752E0A041"}, {"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB8DB90E-BEE5-447E-9F78-A96634343815"}, {"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84317439-A287-4897-9608-65095860AB95"}, {"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FB70477-B0F2-44D6-92A8-0F42F890CF99"}, {"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "013FBB75-8B01-4249-9C6C-5E27964ED2D7"}, {"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "361C37DC-CB43-4E6A-A198-313A9D62CD18"}, {"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22F3D66C-3D24-41D0-9E4B-BB458DD5517D"}, {"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A4C9F85-C5EF-4991-A005-5839951B9843"}, {"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "690F09A1-6195-404D-BDC3-5F02A4A201C7"}, {"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9C82F62-DFBB-4499-8C6D-27DA49A00F6F"}, {"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57003BFE-8FB2-480A-AFA1-63817B608F9C"}, {"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0FD9248-1E4B-46DC-9F78-20787F56D50B"}, {"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23539FCA-FF83-46E5-A9E2-5051D975DC12"}, {"criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03FBCD1B-2D05-4C17-B41C-CF8DA75BB05D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}