N/A

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.

N/A

N/A

MoinMoin 多个跨站脚本漏洞

MoinMoin是一套开源的、可扩展的基于Python环境的wiki引擎程序。 MoinMoin中存在多个跨站脚本漏洞，远程攻击者借助以下几种方式注入任意的Web脚本或HTML：(1)被formatter/text_gedit.py处理过的某一个输入(又称图形用户界面编辑格式程序)；(2)一个页名，当页被受害者在删除页操作中成功删除时，它会触发对PageEditor.py的注入；(3)重命名页操作的目的页名，当受害者的重命名尝试由于是个复制的名字而失败时，它会触发对PageEditor.py的注入。

N/A

N/A