MoinMoin Multiple Cross Site Scripting Vulnerabilities
BID:22515
Info
| Bugtraq ID: | 22515 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0901, CVE-2007-0902 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 12 2007 12:00AM |
| Updated: | Feb 21 2007 08:46PM |
| Credit: | En Douli is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Ubuntu Ubuntu Linux 5.10 sparc; Ubuntu Ubuntu Linux 5.10 powerpc; Ubuntu Ubuntu Linux 5.10 i386; Ubuntu Ubuntu Linux 5.10 amd64; Ubuntu Ubuntu Linux 6.10 sparc; Ubuntu Ubuntu Linux 6.10 powerpc; Ubuntu Ubuntu Linux 6.10 i386; Ubuntu Ubuntu Linux 6.10 amd64; Ubuntu Ubuntu Linux 6.06 LTS sparc; Ubuntu Ubuntu Linux 6.06 LTS powerpc; Ubuntu Ubuntu Linux 6.06 LTS i386; Ubuntu Ubuntu Linux 6.06 LTS amd64; MoinMoin MoinMoin 1.5.7 |
| Not Vulnerable: | |
Discussion
MoinMoin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Version 1.5.7 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit this vulnerability via a web client.
Solution / Fix
Solution:
The vendor has released a fix and a security advisory to address these issues; please see the references for details.