Launchpad.net

CVE 2010-0828

Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.

Related bugs and status

CVE-2010-0828 (Candidate) is related to these bugs:

Bug #538022: XSS in Despam action

		In	Importance	Status
538022	XSS in Despam action	moin (Ubuntu)	Low	Fix Released
538022	XSS in Despam action	moin (Ubuntu Hardy)	Low	Fix Released
538022	XSS in Despam action	moin (Ubuntu Intrepid)	Low	Fix Released
538022	XSS in Despam action	moin (Ubuntu Dapper)	Low	Fix Released
538022	XSS in Despam action	moin (Ubuntu Jaunty)	Low	Fix Released
538022	XSS in Despam action	moin (Ubuntu Karmic)	Low	Fix Released
538022	XSS in Despam action	moin (Ubuntu Lucid)	Low	Fix Released

Bug #586518: Please merge moin 1.9.3-1 (main) from Debian unstable (main)

Summary				In	Importance	Status
	586518	Please merge moin 1.9.3-1 (main) from Debian unstable (main)		moin (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.debian.org...
CONFIRM: http://hg.moinmo.in/mo...
CONFIRM: https://bugs.launchpad...
CONFIRM: https://bugzilla.redha...
DEBIAN: DSA-2024
BID: 39110
SECUNIA: 39188
SECUNIA: 39190
VUPEN: ADV-2010-0767
FEDORA: FEDORA-2010-6012
FEDORA: FEDORA-2010-6134
FEDORA: FEDORA-2010-6180
UBUNTU: USN-925-1
SECUNIA: 39267
SECUNIA: 39284
VUPEN: ADV-2010-0831
VUPEN: ADV-2010-0834
XF: moinmoin-despam-xss(57...