CVE-2012-4404
https://notcve.org/view.php?id=CVE-2012-4404
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
• http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16 http://moinmo.in/SecurityFixes http://secunia.com/advisories/50474 http://secunia.com/advisories/50496 http://secunia.com/advisories/50885 http://www.debian.org/security/2012/dsa-2538 http://www.openwall.com/lists/oss-security/2012/09/04/4 http://www.openwall.com/lists/oss-security/2012/09/05/2 http://www.ubuntu.com/usn/USN-1604-1
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-1058
https://notcve.org/view.php?id=CVE-2011-1058
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.
• http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html http://moinmo.in/SecurityFixes http://secunia.com/advisories/43413 http://secunia.com/advisories/43665 http://secunia.com/advisories/50885 http://www.debian.org/security/2011/dsa-2321 http://www.securityfocus.com/bid/46476 http://www.ubuntu.com/usn
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2969
https://notcve.org/view.php?id=CVE-2010-2969
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809 http://hg.moinmo.in/moin/1.7/rev/37306fba2189 http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES http://hg.moinmo.in/moin/1.9/rev/e50b087c4572 http://marc.info/?l=oss-security&m=127799369406968&w=2 http://marc.info/?l=oss-security&m=127809682420259&w=2 http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg http://moinmo.in/MoinMoinRelease1.9 http://moinmo.in/SecurityFixes http://s
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2970
https://notcve.org/view.php?id=CVE-2010-2970
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809 http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES http://hg.moinmo.in/moin/1.9/rev/4fe9951788cb http://hg.moinmo.in/moin/1.9/rev/e50b087c4572 http://marc.info/?l=oss-security&m=127799369406968&w=2 http://marc.info/?l=oss-security&m=127809682420259&w=2 http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg http://moinmo.in/MoinMoinRelease1.9 http://moinmo.in/SecurityFixes http://s
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2487
https://notcve.org/view.php?id=CVE-2010-2487
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809 http://hg.moinmo.in/moin/1.7/rev/37306fba2189 http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES http://hg.moinmo.in/moin/1.8/rev/4238b0c90871 http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513 http://hg.moinmo.in/moin/1.9/rev/e50b087c4572 http://marc.info/?l=oss-security&m=127799369406968&w=2 http://marc.info/
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')