MoinMoin 'AdvancedSearch.py' Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID:	30297
Class:	Input Validation Error
CVE:	CVE-2008-3381
Remote:	Yes
Local:	No
Published:	Jul 20 2008 12:00AM
Updated:	Apr 13 2015 10:05PM
Credit:	Emanuele Gentili
Vulnerable:	MoinMoin MoinMoin 1.7 MoinMoin MoinMoin 1.6.3
Not Vulnerable:	MoinMoin MoinMoin 1.7.1

MoinMoin 'AdvancedSearch.py' Multiple Cross-Site Scripting Vulnerabilities

MoinMoin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

MoinMoin 1.7.0 and 1.6.3 are vulnerable; prior versions may be affected as well.

MoinMoin 'AdvancedSearch.py' Multiple Cross-Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting user to follow malicious URIs.

MoinMoin 'AdvancedSearch.py' Multiple Cross-Site Scripting Vulnerabilities

Solution:
Updates are available. Please see the references for more information.


MoinMoin MoinMoin 1.6.3

• MoinMoin moin-1.7.1.tar.gz
  http://static.moinmo.in/files/moin-1.7.1.tar.gz

MoinMoin MoinMoin 1.7

• MoinMoin moin-1.7.1.tar.gz
  http://static.moinmo.in/files/moin-1.7.1.tar.gz

MoinMoin 'AdvancedSearch.py' Multiple Cross-Site Scripting Vulnerabilities

References:

• MoinMoin Homepage (MoinMoin)
  
• Security Fix Announcements (MoinMoin)