Vulnerability Name:

CVE-2007-2423 (CCN-34087)

Assigned:2007-04-26
Published:2007-04-26
Updated:2008-11-13
Summary:Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857.
Note: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-2423

Source: CCN
Type: MoinMoin Web page
MoinMoinWiki - MoinMoin

Source: OSVDB
Type: UNKNOWN
36567

Source: SECUNIA
Type: UNKNOWN
29262

Source: DEBIAN
Type: UNKNOWN
DSA-1514

Source: DEBIAN
Type: DSA-1514
moin -- several vulnerabilities

Source: CCN
Type: OSVDB ID: 36567
MoinMoin index.php AttachFile Action do Parameter XSS

Source: BID
Type: Exploit
23676

Source: CCN
Type: BID-23676
MoinMoin Index.PHP Cross-Site Scripting Vulnerability

Source: MISC
Type: UNKNOWN
http://www.securityfocus.com/data/vulnerabilities/exploits/23676.html

Source: CCN
Type: USN-458-1
MoinMoin vulnerabilities

Source: XF
Type: UNKNOWN
moinmoin-index-attachfile-xss(34087)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:7891
    P
    		DSA-1514 moin -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:18640
    P
    		DSA-1514-1 moin
    2014-06-23
    oval:org.debian:def:1514
    V
    		several vulnerabilities
    2008-03-09
    BACK
    moinmoin moinmoin 1.5.7
    moinmoin moinmoin 1.5.7
    canonical ubuntu 6.06
    debian debian linux 4.0
    canonical ubuntu 7.04