Candidate: CVE-2009-1482
PublicDate: 2009-04-29 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1482
 http://moinmo.in/SecurityFixes
 https://ubuntu.com/security/notices/USN-774-1
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py
 in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary
 web script or HTML via (1) an AttachFile sub-action in the error_msg
 function or (2) multiple vectors related to package file errors in the
 upload_form function, different vectors than CVE-2009-0260.
Ubuntu-Description:
Notes:
 mdeslaur> debian says etch is not affected, as the XSS vulns are already
 mdeslaur> fixed.
 mdeslaur> I checked dapper and hardy and they don't seem affected either.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526594
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_moin:
 upstream: http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1
 upstream: http://hg.moinmo.in/moin/1.8/rev/269a1fbc3ed7
upstream_moin: released (1.8.4)
dapper_moin: not-affected (already fixed)
hardy_moin: not-affected (already fixed)
intrepid_moin: released (1.7.1-1ubuntu1.2)
jaunty_moin: released (1.8.2-2ubuntu2.1)
devel_moin: not-affected (1.8.4-1ubuntu1)