CVSS: 4.3EPSS: 1%CPEs: 74EXPL: 2CVE-2010-2487
https://notcve.org/view.php?id=CVE-2010-2487
04 Aug 2010 — Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py. Múltiples vulnerabilidades de secuencias de comandos en sitio... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-0828
https://notcve.org/view.php?id=CVE-2010-0828
05 Apr 2010 — Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en action/Despam.py del módulo de acción Despam de MoinMoin v1.8.7 y v1.9.2, permite a usuarios autenticados en remoto inyectar secuencias de comandos Web o HTML de su elección creando un página con una URI manipulada... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 46EXPL: 0CVE-2010-0668
https://notcve.org/view.php?id=CVE-2010-0668
26 Feb 2010 — Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. Vulnerabilidad no especificada en MoinMoin v1.5.x hasta v1.7.x, v1.8.x anteriores a v1.8.7, y v1.9.x anteriores a v1.9.2 tiene un impacto y cvector de ataque desconocido, relativo a configuraciones que tienen una lista no vacía ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975 •
CVSS: 7.5EPSS: 1%CPEs: 46EXPL: 0CVE-2010-0669
https://notcve.org/view.php?id=CVE-2010-0669
26 Feb 2010 — MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors. MoinMoin anteriores a v1.8.7 y 1.9.x anteriores a v1.9.2 no sanea de forma adecuada los perfiles de usuario, lo que tiene un impacto y efectos desconocidos. • http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES •