CVE-2009-0260

NameCVE-2009-0260
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1715-1, DTSA-187-1
Debian Bugs513158

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
moinsourceetch1.5.3-1.2etch2DSA-1715-1
moinsourcelenny1.7.1-3+lenny1DTSA-187-1
moinsource(unstable)1.8.1-1.1low513158

Search for package or bug name: Reporting problems