pysec-2009-6
Vulnerability from pysec
Published
2009-04-29 18:30
Modified
2017-08-17 01:30
Details
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
Impacted products
Name | purl | moin | pkg:pypi/moin |
---|
Aliases
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "moin", "purl": "pkg:pypi/moin" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.8.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2009-1482" ], "details": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.", "id": "PYSEC-2009-6", "modified": "2017-08-17T01:30:00Z", "published": "2009-04-29T18:30:00Z", "references": [ { "type": "ADVISORY", "url": "http://secunia.com/advisories/34821" }, { "type": "ADVISORY", "url": "http://www.vupen.com/english/advisories/2009/1119" }, { "type": "WEB", "url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/34631" }, { "type": "WEB", "url": "http://moinmo.in/SecurityFixes" }, { "type": "ADVISORY", "url": "http://www.ubuntu.com/usn/USN-774-1" }, { "type": "ADVISORY", "url": "http://secunia.com/advisories/35024" }, { "type": "ADVISORY", "url": "http://secunia.com/advisories/34945" }, { "type": "ADVISORY", "url": "http://www.debian.org/security/2009/dsa-1791" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…