PublicDate: 2008-03-05 20:44:00 UTC
Candidate: CVE-2008-1098
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1098
 https://ubuntu.com/security/notices/USN-716-1
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and
 earlier allow remote attackers to inject arbitrary web script or HTML via
 (1) certain input processed by formatter/text_gedit.py (aka the gui editor
 formatter); (2) a page name, which triggers an injection in PageEditor.py
 when the page is successfully deleted by a victim in a DeletePage action;
 or (3) the destination page name for a RenamePage action, which triggers an
 injection in PageEditor.py when a victim's rename attempt fails because of
 a duplicate name.  NOTE: the AttachFile XSS issue is already covered by
 CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.
Ubuntu-Description:
Notes:
 jdstrand> 1.7.1 has corrected code
Bugs:
 https://bugs.launchpad.net/bugs/200897
Priority: low
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_moin:
 vendor: http://www.debian.org/security/2008/dsa-1514
 other: http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd
upstream_moin: released (1.5.8-2)
dapper_moin: released (1.5.2-1ubuntu2.4)
edgy_moin: needed (reached end-of-life)
feisty_moin: needed (reached end-of-life)
gutsy_moin: released (1.5.7-3ubuntu2.1)
hardy_moin: not-affected (1.5.8-5.1ubuntu2)
intrepid_moin: not-affected
devel_moin: not-affected