Moderate severity vulnerability that affects moin · CVE-2017-5934 · GitHub Advisory Database · GitHub

Moderate severity vulnerability that affects moin

Moderate severity GitHub Reviewed Published Jan 4, 2019 to the GitHub Advisory Database • Updated Sep 27, 2024

Package

moin (pip)

Affected versions

< 1.9.10

Patched versions

1.9.10

Description

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

Published to the GitHub Advisory Database Jan 4, 2019

Reviewed Jun 16, 2020

Last updated Sep 27, 2024

Severity

Moderate

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required None

User interaction Active

Vulnerable System Impact Metrics

Confidentiality None

Integrity None

Availability None

Subsequent System Impact Metrics

Confidentiality Low

Integrity Low

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N