CVE-2007-2423

Description

Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

How to fix CVE-2007-2423

To remediate CVE-2007-2423, upgrade the affected package to a fixed version below.

• Debian/moin—upgrade to 1.5.7-3 or later
• Debian/moin—upgrade to 1.5.3-1.2etch1 or later

Is CVE-2007-2423 being exploited?

Low — EPSS is 5.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 1.5.7-3
• from 0, < 1.5.3-1.2etch1

References (5)

• ADVISORYsecunia.com/advisories/29262
• ADVISORYwww.debian.org/security/2008/dsa-1514
• EXPLOITwww.securityfocus.com/bid/23676
• WEBosvdb.org/36567
• WEBwww.securityfocus.com/data/vulnerabilities/exploits/23676.html