CVE-2009-0312

Description

Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.

How to fix CVE-2009-0312

To remediate CVE-2009-0312, upgrade the affected package to a fixed version below.

• Debian/moin—upgrade to 1.8.1-1.1 or later
• PyPI/moin—upgrade to 1.8.2 or later

Is CVE-2009-0312 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 1.8.1-1.1
• from 0, < 1.8.2

References (15)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2009-0312
• WEBhg.moinmo.in/moin/1.7/rev/89b91bf87dad
• WEBhg.moinmo.in/moin/1.8/rev/89b91bf87dad
• WEBmoinmo.in/SecurityFixes#moin1.8.1
• WEBosvdb.org/51632