233560 – (CVE-2008-3381) www-apps/moinmoin macro/AdvancedSearch.py XSS (CVE-2008-3381)

Bug 233560 (CVE-2008-3381) - www-apps/moinmoin macro/AdvancedSearch.py XSS (CVE-2008-3381)

Summary: www-apps/moinmoin macro/AdvancedSearch.py XSS (CVE-2008-3381)

Status:	RESOLVED FIXED

Alias:	CVE-2008-3381

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://moinmo.in/SecurityFixes
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-08-01 08:45 UTC by Robert Buchholz (RETIRED)
Modified:	2008-08-04 20:40 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2008-08-01 08:45:25 UTC

CVE-2008-3381 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3381):
  Multiple cross-site scripting (XSS) vulnerabilities in
  macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote
  attackers to inject arbitrary web script or HTML via unspecified vectors.

Comment 1 Gunnar Wrobel (RETIRED) gentoo-dev

2008-08-01 17:19:58 UTC

Added moinmoin-1.7.1.

Targets:

  amd64 ppc sparc x86

Comment 2 Raúl Porcel (RETIRED) gentoo-dev

2008-08-01 18:15:26 UTC

sparc/x86 stable

Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev

2008-08-03 18:00:18 UTC

ppc stable

Comment 4 Tobias Heinlein (RETIRED) gentoo-dev

2008-08-04 16:42:57 UTC

amd64 stable

Comment 5 Tobias Heinlein (RETIRED) gentoo-dev

2008-08-04 16:43:25 UTC

Ready for vote, I vote NO.

Comment 6 Robert Buchholz (RETIRED) gentoo-dev

2008-08-04 20:40:21 UTC

NO, closing.