Bugtraq mailing list archives
MoinMoin Wiki Engine XSS Vulnerability
From: swhite () securestate com
Date: Tue, 20 Jan 2009 09:25:32 -0700
MoinMoin Wiki Engine Cross-Site Scripting Discovered by: SecureState R&D Team (sasquatch) Website: www.securestate.com Discovered: 01-08-09 Vendor Notified: 01-08-09 Vendor Fix Issued: 01-11-09 (http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1) Vendor Fix: Upgrade to version 1.8.1 Public Posting: 01-19-09 Example: http://moinmo.in/moinmoin/WikiSandBox?rename="><script>alert('rename xss')</script>&action=AttachFile&drawing="><script>alert('drawing xss')</script>
Current thread:
- MoinMoin Wiki Engine XSS Vulnerability swhite (Jan 20)