vendor:
MoinMoin
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: MoinMoin
Affected Version From: 1.9.2002
Affected Version To: 1.9.2002
Patch Exists: YES
Related CWE: Unknown
CPE: a:moinmoin:moinmoin:1.9.2
Platforms Tested:
Unknown
Cross-Site Scripting Vulnerability in MoinMoin
MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Mitigation:
To mitigate this vulnerability, it is recommended to update MoinMoin to version 1.9.3 or later. Additionally, it is advised to sanitize and validate user-supplied input data to prevent XSS attacks.