CVE-2010-2487 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
Reference
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809
http://hg.moinmo.in/moin/1.7/rev/37306fba2189
http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES
http://hg.moinmo.in/moin/1.8/rev/4238b0c90871
http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES
http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513
http://hg.moinmo.in/moin/1.9/rev/e50b087c4572
http://marc.info/?l=oss-security&m=127799369406968&w=2
http://marc.info/?l=oss-security&m=127809682420259&w=2
http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
http://moinmo.in/MoinMoinRelease1.8
http://moinmo.in/MoinMoinRelease1.9
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/40836
http://www.debian.org/security/2010/dsa-2083
http://www.securityfocus.com/bid/40549
http://www.vupen.com/english/advisories/2010/1981