Vulnerability Description
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moinmo | Moinmoin | 1.9.8 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2016/dsa-3715
- http://www.securityfocus.com/bid/94259
- http://www.ubuntu.com/usn/USN-3137-1
- https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html (Exploit, Third Party Advisory)
FAQ
What is CVE-2016-7146?
CVE-2016-7146 is a vulnerability with a CVSS score of 6.1 (MEDIUM). MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the act...
How severe is CVE-2016-7146?
CVE-2016-7146 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-7146?
Check the references section above for vendor advisories and patch information. Affected products include: Moinmo Moinmoin.