CVE-2008-1099
Gentoo Linux Security Advisory 200803-27
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.
_macro_Getval en wikimacro.py de MoinMoin 1.5.8 y anteriores no hace cumplir correctamente ACLs, lo que permite a atacantes remotos leer páginas protegidas.
Fernando Quintero discovered than MoinMoin did not properly sanitize its input when processing login requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Fernando Quintero discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting vulnerabilities. It was discovered that MoinMoin did not properly sanitize its input when processing user forms, editing pages, relaying error messages, or when attaching files.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-02-28 CVE Reserved
- 2008-03-05 CVE Published
- 2024-08-07 CVE Updated
- 2025-05-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://hg.moinmo.in/moin/1.5/rev/4a7de0173734 | X_refsource_confirm | |
| http://moinmo.in/SecurityFixes | X_refsource_confirm | |
| http://secunia.com/advisories/29262 | Third Party Advisory | |
| http://secunia.com/advisories/29444 | Third Party Advisory | |
| http://secunia.com/advisories/30031 | Third Party Advisory | |
| http://secunia.com/advisories/33755 | Third Party Advisory | |
| http://www.securityfocus.com/bid/28177 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41038 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|