Page 3 of 15 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 74EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MoinMoin v1.7.3 y anteriores, v1.8.x anterior a v1.8.8, y v1.9.x anterior a v1.9.3 permite a atacantes remotos injectar a su elección código web o HTML a través de contenido manipulado, relacionado con (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, y (10) action/recoverpass.py. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809 http://hg.moinmo.in/moin/1.7/rev/37306fba2189 http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES http://hg.moinmo.in/moin/1.8/rev/4238b0c90871 http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513 http://hg.moinmo.in/moin/1.9/rev/e50b087c4572 http://marc.info/?l=oss-security&m=127799369406968&w=2 http://marc.info/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 3

Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en action/Despam.py del módulo de acción Despam de MoinMoin v1.8.7 y v1.9.2, permite a usuarios autenticados en remoto inyectar secuencias de comandos Web o HTML de su elección creando un página con una URI manipulada. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995 http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html http://secunia.com/advisories/39188 http://secunia.com/advisories/39190 http://secunia.com/advisories/39267 http://secunia.com/advisories/39284 http • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors. MoinMoin v1.9 anteriores v1.9.1 no realiza de la forma esperada la limpieza del array sys.argv en situaciones donde la variable de entorno GATEWAY_INTERFACE recibe valor, lo que permite a atacantes remotos conseguir información sensible a través de vectores no especificados. • http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES http://hg.moinmo.in/moin/1.9/rev/04afdde50094 http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2 http://marc.info/?l=oss-security&m=126625972814888&w=2 http://marc.info/?l=oss-security&m=126676896601156&w=2 http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18 http://moinmo.in/SecurityFixes http://secunia.com/advisories/38242 http://www.openwall.com/lists/oss-security/2010/01/21/6 http: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 1%CPEs: 46EXPL: 0

Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. Vulnerabilidad no especificada en MoinMoin v1.5.x hasta v1.7.x, v1.8.x anteriores a v1.8.7, y v1.9.x anteriores a v1.9.2 tiene un impacto y cvector de ataque desconocido, relativo a configuraciones que tienen una lista no vacía de super-usuarios, la acción xmlrpc está disponible, la acción SyncPages está activo, o configurada OpenID. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975 http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html http://marc.info/?l=oss-security&m=126625972814888&w=2 http://marc.info/?l=oss-security&m=126676896601156&w=2 http://moinmo.in/MoinMoinRelease1.8 http://moinmo.in/SecurityFixes http://secunia.c •

CVSS: 7.5EPSS: 1%CPEs: 46EXPL: 0

MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors. MoinMoin anteriores a v1.8.7 y 1.9.x anteriores a v1.9.2 no sanea de forma adecuada los perfiles de usuario, lo que tiene un impacto y efectos desconocidos. • http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES http://moinmo.in/MoinMoinRelease1.8 http://moinmo.in/SecurityFixes http://secunia.com/advisories/38444 http://secunia.com/advisories/38903 http://www.debian.org/security/2010/dsa-2014 http://www.openwall.com/lists/oss-security/2010/02/15/2 http://www.openwall.com/lists/oss-security/2010/02/15/4 http://www.openwall.com/lists/oss-security/2010/02/21/2 http://www.securityfocus.com/bid/38023&# •