CVE-2009-1482: MoinMoin Cross-site Scripting (XSS) vulnerability
(updated )
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py
in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg
function or (2) multiple vectors related to package file errors in the upload_form
function, different vectors than CVE-2009-0260.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/50356
- github.com/advisories/GHSA-4pfg-2frf-f67v
- github.com/moinwiki/moin
- github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2009-6.yaml
- nvd.nist.gov/vuln/detail/CVE-2009-1482
- web.archive.org/web/20140724194431/http://secunia.com/advisories/34945
- web.archive.org/web/20140803154414/http://secunia.com/advisories/35024
- web.archive.org/web/20140805081742/http://secunia.com/advisories/34821
- web.archive.org/web/20200301062001/http://www.securityfocus.com/bid/34631
Detect and mitigate CVE-2009-1482 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →