MoinMoin 'PageEditor.py' Cross-Site Scripting Vulnerability

2010.08.05
Credit: Vendor
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2010-2487 | CVE-2010-2969 | CVE-2010-2970
CWE: CWE-79

Description There is a possible reflected Cross-Site Scripting attack. An attacker able to cause a user to follow a specially crafted malicious link may be able to recover session identifiers or exploit browser vulnerabilities. The template parameter is vulnerable, as can be seen by navigating to a URL: http://<site>/NonExistantUser?action=edit&template=<script>alert(document.cookie);</script> Steps to reproduce 1. navigate to a URL of the form: http://<site>/NonExistantUser?action=edit&template=<script>alert(document.cookie);</script> Example URL: http://<site>/NonExistantUser?action=edit&template=<script>alert(document.cookie);</script> Component selection * add_msg expects correctly escaped input, but it isn't done at all places

References:

http://www.vupen.com/english/advisories/2010/1981
http://www.securityfocus.com/bid/40549
http://www.debian.org/security/2010/dsa-2083
http://secunia.com/advisories/40836
http://moinmo.in/SecurityFixes
http://moinmo.in/MoinMoinRelease1.9
http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
http://marc.info/?l=oss-security&m=127809682420259&w=2
http://marc.info/?l=oss-security&m=127799369406968&w=2
http://hg.moinmo.in/moin/1.9/rev/e50b087c4572
http://hg.moinmo.in/moin/1.9/rev/4fe9951788cb
http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top