Launchpad.net

CVE 2008-0781

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.

Related bugs and status

CVE-2008-0781 (Candidate) is related to these bugs:

Bug #200897: [moin] [DSA-1514-1] multiple vulnerabilities

		In	Importance	Status
200897	[moin] [DSA-1514-1] multiple vulnerabilities	moin (Ubuntu)	Undecided	Invalid
200897	[moin] [DSA-1514-1] multiple vulnerabilities	moin (Ubuntu Intrepid)	Undecided	Invalid
200897	[moin] [DSA-1514-1] multiple vulnerabilities	moin (Ubuntu Jaunty)	Undecided	Invalid
200897	[moin] [DSA-1514-1] multiple vulnerabilities	moin (Ubuntu Dapper)	Undecided	Fix Released
200897	[moin] [DSA-1514-1] multiple vulnerabilities	moin (Ubuntu Gutsy)	Undecided	Fix Released
200897	[moin] [DSA-1514-1] multiple vulnerabilities	moin (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://hg.moinmo.in/mo...
CONFIRM: https://bugzilla.redha...
FEDORA: FEDORA-2008-1880
FEDORA: FEDORA-2008-1905
BID: 27904
SECUNIA: 29010
SECUNIA: 28987
DEBIAN: DSA-1514
SECUNIA: 29262
GENTOO: GLSA-200803-27
SECUNIA: 29444
SECUNIA: 33755
VUPEN: ADV-2008-0569
UBUNTU: USN-716-1