CVE-2016-7148 Information

Description

MoinMoin 1.9.8 allows remote attackers to conduct \JavaScript injection\ attacks by using the \page creation\ approach related to a \Cross Site Scripting (XSS)\ issue affecting the action=AttachFile (via page name) component.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.debian.org/security/2016/dsa-3715 http://www.securityfocus.com/bid/94259 http://www.ubuntu.com/usn/USN-3137-1 https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1