CVE-2009-0312

Related Files

Ubuntu Security Notice 716-1

Posted Jan 30, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-716-1 - Fernando Quintero discovered than MoinMoin did not properly sanitize its input when processing login requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Fernando Quintero discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting vulnerabilities. It was discovered that MoinMoin did not properly sanitize its input when processing user forms, editing pages, relaying error messages, or when attaching files.

tags | advisory, remote, vulnerability, xss

systems | linux, ubuntu

advisories | CVE-2008-0780, CVE-2008-0781, CVE-2008-0782, CVE-2008-1098, CVE-2008-1099, CVE-2009-0260, CVE-2009-0312

SHA-256 | 3cf813802484b2e1dd4008c636dbd66d0098aaba73a35e91aab0e08180c8c49c

Download | Favorite | View

Debian Linux Security Advisory 1715-1

Posted Jan 29, 2009

Authored by Debian | Site debian.org

Debian Security Advisory 1715 - It was discovered that the AttachFile action in moin, a python clone of WikiWiki, is prone to cross-site scripting attacks (CVE-2009-0260). Another cross-site scripting vulnerability was discovered in the antispam feature (CVE-2009-0312).

tags | advisory, xss, python

systems | linux, debian

advisories | CVE-2009-0260, CVE-2009-0312

SHA-256 | 6c6e3123163f34ab54bb206a191c80426831bbce34684883ea9df7ee7843b706

Download | Favorite | View