Summary
This host is running MoinMoin Wiki and is prone to Cross-Site Scripting vulnerability.
Impact
Successful exploitation will allow attackers to execute arbitrary scripting code.
Impact Level: Application
Solution
Upgrade MoinMoin Wiki 1.9.2-3 or latest,
For updates refer to http://moinmo.in/MoinMoinDownload
Insight
Input passed via the 'page' name which is not properly sanitising before being returned to the user in 'Despam.py'. This can be exploited to insert arbitrary HTML and script code, when the Despam functionality is used on a page with a specially crafted page name.
Affected
MoinMoin Wiki version 1.8.7 and 1.9.2
References
Severity
Classification
-
CVE CVE-2010-0828 -
CVSS Base Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N
Related Vulnerabilities
- Contenido CMS Multiple Parameter Cross-Site Scripting Vulnerabilities
- Bitweaver Multiple Cross-Site Scripting Vulnerabilities
- Serendipity 'serendipity_admin.php' Cross Site Scripting Vulnerability
- phpBB 'includes/message_parser.php' HTML Injection Vulnerability
- Google Chrome Information Disclosure Vulnerability