CVE-2016-7148

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
Configurations

Configuration 1 (hide)

cpe:2.3:a:moinmo:moinmoin:1.9.8:*:*:*:*:*:*:*

History

21 Nov 2024, 02:57

Type Values Removed Values Added
References () http://www.debian.org/security/2016/dsa-3715 - () http://www.debian.org/security/2016/dsa-3715 -
References () http://www.securityfocus.com/bid/94259 - () http://www.securityfocus.com/bid/94259 -
References () http://www.ubuntu.com/usn/USN-3137-1 - () http://www.ubuntu.com/usn/USN-3137-1 -
References () https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html - Exploit, Third Party Advisory () https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html - Exploit, Third Party Advisory

Information

Published : 2016-11-10 17:59

Updated : 2024-11-21 02:57


NVD link : CVE-2016-7148

Mitre link : CVE-2016-7148

CVE.ORG link : CVE-2016-7148


JSON object : View

Products Affected

moinmo

  • moinmoin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')