Your submission was sent successfully! Close

CVE-2010-2970

Published: 5 August 2010

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.

Notes

AuthorNote
mdeslaur
see CVE-2010-2487 for patches
Priority

Medium

Status

Package Release Status
moin
Launchpad, Ubuntu, Debian
dapper Not vulnerable
(code not present)
hardy Not vulnerable
(code not present)
jaunty Not vulnerable
(code not present)
karmic Not vulnerable
(code not present)
lucid
Released (1.9.2-2ubuntu3.1)
upstream
Released (1.9.3)