CVE-2009-1482

Publication date 29 April 2009

Last updated 24 July 2024

Ubuntu priority

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
moin	9.04 jaunty	Fixed 1.8.2-2ubuntu2.1
	8.10 intrepid	Fixed 1.7.1-1ubuntu1.2
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

Notes

mdeslaur

debian says etch is not affected, as the XSS vulns are already fixed. I checked dapper and hardy and they don't seem affected either.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
moin	Upstream: http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1 Upstream: http://hg.moinmo.in/moin/1.8/rev/269a1fbc3ed7

References

Related Ubuntu Security Notices (USN)