CVE-2009-1482
Published: 29 April 2009
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
Notes
Author | Note |
---|---|
mdeslaur | debian says etch is not affected, as the XSS vulns are already fixed. I checked dapper and hardy and they don't seem affected either. |
Priority
Status
Package | Release | Status |
---|---|---|
moin Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(already fixed)
|
hardy |
Not vulnerable
(already fixed)
|
|
intrepid |
Released
(1.7.1-1ubuntu1.2)
|
|
jaunty |
Released
(1.8.2-2ubuntu2.1)
|
|
upstream |
Released
(1.8.4)
|
|
Patches: upstream: http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1 upstream: http://hg.moinmo.in/moin/1.8/rev/269a1fbc3ed7 |