CVE-2010-2487
https://notcve.org/view.php?id=CVE-2010-2487
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MoinMoin v1.7.3 y anteriores, v1.8.x anterior a v1.8.8, y v1.9.x anterior a v1.9.3 permite a atacantes remotos injectar a su elección código web o HTML a través de contenido manipulado, relacionado con (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, y (10) action/recoverpass.py. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809 http://hg.moinmo.in/moin/1.7/rev/37306fba2189 http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES http://hg.moinmo.in/moin/1.8/rev/4238b0c90871 http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513 http://hg.moinmo.in/moin/1.9/rev/e50b087c4572 http://marc.info/?l=oss-security&m=127799369406968&w=2 http://marc.info/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-0828
https://notcve.org/view.php?id=CVE-2010-0828
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en action/Despam.py del módulo de acción Despam de MoinMoin v1.8.7 y v1.9.2, permite a usuarios autenticados en remoto inyectar secuencias de comandos Web o HTML de su elección creando un página con una URI manipulada. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995 http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html http://secunia.com/advisories/39188 http://secunia.com/advisories/39190 http://secunia.com/advisories/39267 http://secunia.com/advisories/39284 http • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •