CVE-2008-1098 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moinmoin	Moinmoin

Configuration 1 [-]

cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd
http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/29262
http://secunia.com/advisories/29444
http://secunia.com/advisories/30031
http://secunia.com/advisories/33755
http://www.debian.org/security/2008/dsa-1514
http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml
http://www.securityfocus.com/bid/28173
https://exchange.xforce.ibmcloud.com/vulnerabilities/41037
https://usn.ubuntu.com/716-1/
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-05T20:00:00

Updated: 2024-08-07T08:08:57.403Z

Reserved: 2008-02-28T00:00:00

Link: CVE-2008-1098

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-05T20:44:00.000

Modified: 2024-11-21T00:43:40.477

Link: CVE-2008-1098

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-25T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30031", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30031"}, {"name": "33755", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33755"}, {"name": "GLSA-200803-27", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"}, {"name": "29262", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29262"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://moinmo.in/SecurityFixes"}, {"name": "FEDORA-2008-3328", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"}, {"name": "FEDORA-2008-3301", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"}, {"name": "29444", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29444"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"}, {"name": "USN-716-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/716-1/"}, {"name": "moinmoin-multiple-actions-xss(41037)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"}, {"name": "28173", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28173"}, {"name": "DSA-1514", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1514"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1098", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30031", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30031"}, {"name": "33755", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33755"}, {"name": "GLSA-200803-27", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"}, {"name": "29262", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29262"}, {"name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes"}, {"name": "FEDORA-2008-3328", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"}, {"name": "FEDORA-2008-3301", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"}, {"name": "29444", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29444"}, {"name": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"}, {"name": "USN-716-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/716-1/"}, {"name": "moinmoin-multiple-actions-xss(41037)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"}, {"name": "28173", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28173"}, {"name": "DSA-1514", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1514"}, {"name": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:08:57.403Z"}, "title": "CVE Program Container", "references": [{"name": "30031", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30031"}, {"name": "33755", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33755"}, {"name": "GLSA-200803-27", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"}, {"name": "29262", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29262"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://moinmo.in/SecurityFixes"}, {"name": "FEDORA-2008-3328", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"}, {"name": "FEDORA-2008-3301", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"}, {"name": "29444", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29444"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"}, {"name": "USN-716-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/716-1/"}, {"name": "moinmoin-multiple-actions-xss(41037)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"}, {"name": "28173", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28173"}, {"name": "DSA-1514", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1514"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1098", "datePublished": "2008-03-05T20:00:00", "dateReserved": "2008-02-28T00:00:00", "dateUpdated": "2024-08-07T08:08:57.403Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3A2FDB5-6C57-43E2-AA1B-D083D93C5679", "versionEndIncluding": "1.5.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MoinMoin 1.5.8 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1) ciertas entradas procesadas por formatter/text_gedit.py (tambi\u00e9n conocido como el gui editor formatter); (2) un nombre de p\u00e1gina, que dispara una inyecci\u00f3n en PageEditor.py cuando la p\u00e1gina se borra exitosamente por una v\u00edctima en una acci\u00f3n DeletePage; (3) el nombre de la p\u00e1gina destino para una acci\u00f3n RenamePage, lo que dispara una inyecci\u00f3n en PageEditor.py cuando un intento de cambiar el nombre de la v\u00edctima falla debido a un nombre duplicado."}], "id": "CVE-2008-1098", "lastModified": "2024-11-21T00:43:40.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-03-05T20:44:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"}, {"source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"}, {"source": "cve@mitre.org", "url": "http://moinmo.in/SecurityFixes"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29262"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29444"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30031"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33755"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1514"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28173"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/716-1/"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/SecurityFixes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29262"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29444"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30031"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33755"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1514"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28173"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41037"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/716-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}