Red Hat Bugzilla – Bug 238722
CVE-2007-2423: moin <= 1.5.7 XSS
Last modified: 2007-11-30 17:12:03 EST
"Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows
remote attackers to inject arbitrary web script or HTML via the do parameter in
an AttachFile action, a different vulnerability than CVE-2007-0857."
And once again, no patch to be found anywhere... not to mention half the reports
mentioning "PHP" or "index.php" vulnerability... *sigh*
Debian has a really great MoinMoin package, and seems to track upstream really
I've reviewed, included and tested 4 security patches from Debian, which should
fix CVE-2007-0857, CVE-2007-0901, CVE-2007-0902 and CVE-2007-2423 (and other
security bugs too).
I've updated F7,6,5 and EL5,4 branches (all current).