MoinMoin multiple actions cross-site scripting

moinmoin-multiple-actions-xss (41037) The risk level is classified as MediumMedium Risk

Description:

MoinMoin is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the gui editor formatter or when executing the RenamePage or DeletePage action. A remote attacker could exploit this vulnerability using the page name or the destination page name to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Platforms Affected:

  • Debian, Debian Linux 4.0
  • Gentoo, Linux
  • MoinMoin, MoinMoin 1.5.x prior to 1.5.8

Remedy:

Upgrade to the latest version of MoinMoin (1.5.8 or later), available from the MoinMoin SecurityFixes Web site. See References.

Consequences:

Gain Access

References:

  • moin/1.5 / changeset, fix gui editor formatter XSS issues at http://hg.moinmo.in/moin/1.5/rev/d0152eeb4499.
  • moin/1.5 / changeset, Fixed XSS issue in RenamePage/DeletePage action at http://hg.moinmo.in/moin/1.5/rev/4ede07e792dd.
  • MoinMoin SecurityFixes Web site, Security Fix Announcements, moin 1.5.8 at http://moinmo.in/SecurityFixes.
  • BID-28173: MoinMoin GUI Editor Multiple Cross Site Scripting Vulnerabilities
  • CVE-2008-1098: Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.
  • DSA-1514: moin -- several vulnerabilities
  • GLSA-200803-27: MoinMoin: Multiple vulnerabilities

Reported:

Aug 28, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page