CVE-2010-2487
moin - cross-site scripting
CVSS 3.1: 6.1 (MEDIUM)
EPSS: 1.3%
Description
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
How to fix CVE-2010-2487
To remediate CVE-2010-2487, upgrade the affected package to a fixed version below.
- upgrade to 1.7.1-3+lenny5 or later
- no fix listed
- upgrade to 1.8.8 or later
Is CVE-2010-2487 being exploited?
Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.7.1-3+lenny5
- from 0, <= 1.7.3
- >= 1.8, < 1.8.8; >= 1.9, < 1.9.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |