Vulnerability Name: CVE-2010-0828 (CCN-57435)

Assigned: 2010-03-12
Published: 2010-03-12
Updated: 2017-08-17
Summary: Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.

CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Low
    Availability (A): None

CVSS v2 Severity: 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
  3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None

  4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None

Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995

Source: MITRE
Type: CNA
CVE-2010-0828

Source: CONFIRM
Type: Exploit, Patch
http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-6012

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-6134

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-6180

Source: CCN
Type: MoinMoin Web Site
Security Fix Announcements

Source: CCN
Type: SA39188
MoinMoin Despam Script Insertion Vulnerability

Source: SECUNIA
Type: Vendor Advisory
39188

Source: SECUNIA
Type: Vendor Advisory
39190

Source: SECUNIA
Type: UNKNOWN
39267

Source: SECUNIA
Type: UNKNOWN
39284

Source: DEBIAN
Type: UNKNOWN
DSA-2024

Source: DEBIAN
Type: DSA-2024
moin -- insufficient input sanitising

Source: CCN
Type: OSVDB ID: 63362
MoinMoin Despam.py Page Name XSS

Source: BID
Type: UNKNOWN
39110

Source: CCN
Type: BID-39110
MoinMoin 'Despam' Action HTML Injection Vulnerability

Source: CCN
Type: USN-925-1
MoinMoin vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-925-1

Source: VUPEN
Type: Vendor Advisory
ADV-2010-0767

Source: VUPEN
Type: UNKNOWN
ADV-2010-0831

Source: VUPEN
Type: UNKNOWN
ADV-2010-0834

Source: CCN
Type: Ubuntu Bug #538022
XSS in Despam action

Source: CONFIRM
Type: Exploit
https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022

Source: CONFIRM
Type: Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=578801

Source: XF
Type: UNKNOWN
moinmoin-despam-xss(57435)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:moinmo:moinmoin:1.8.7:*:*:*:*:*:*:*
  • OR cpe:/a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:moinmoin:moinmoin:1.7.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

  * Denotes that component is vulnerable

Oval Definitions:
Definition ID                    Class   Title                                             Last Modified
oval:org.mitre.oval:def:13275    P       USN-925-1 -- moin vulnerabilities                 2014-06-30
oval:org.mitre.oval:def:7093     P       DSA-2024 moin -- insufficient input sanitising    2014-06-23
oval:org.mitre.oval:def:18244    P       DSA-2024-1 moin - cross-site scripting            2014-06-23
oval:org.debian:def:2024         V       insufficient input sanitising                     2010-03-31