CVE-2008-3381: XSS
First published: Wed Jul 30 2008(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in `macro/AdvancedSearch.py` in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/moin | =1.7.0 | 1.7.1 |
| pip/moin | <=1.6.3 | 1.6.4 |
| Mastodon | =1.6.3 | |
| Mastodon | =1.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58
- http://hg.moinmo.in/moin/1.7/rev/383196922b03
- http://moinmo.in/SecurityFixes
- http://www.securityfocus.com/bid/30297
- http://secunia.com/advisories/31135
- http://www.vupen.com/english/advisories/2008/2147/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43899
- https://nvd.nist.gov/vuln/detail/CVE-2008-3381
- https://web.archive.org/web/20090522153829/http://hg.moinmo.in/moin/1.7/raw-file/1.7.1/docs/CHANGES
- https://web.archive.org/web/20100207003615/http://hg.moinmo.in/moin/1.6/raw-file/1.6.4/docs/CHANGES
- https://web.archive.org/web/20100608030052/http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58
- https://web.archive.org/web/20100608030059/http://hg.moinmo.in/moin/1.7/rev/383196922b03
- https://github.com/advisories/GHSA-q7q4-5g8p-33fq (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2008-13.yaml
Frequently Asked Questions
What is the severity of CVE-2008-3381?
CVE-2008-3381 is classified as a high severity vulnerability due to its potential for allowing remote injection of malicious scripts.
How do I fix CVE-2008-3381?
To fix CVE-2008-3381, you should upgrade to version 1.7.1 or later if you are using 1.7.0, or upgrade to version 1.6.4 or later if you are using 1.6.3 or older.
Which versions are affected by CVE-2008-3381?
Versions 1.6.3 and 1.7.0 of MoinMoin are vulnerable to CVE-2008-3381.
What types of attacks can be executed due to CVE-2008-3381?
CVE-2008-3381 allows remote attackers to execute cross-site scripting (XSS) attacks, potentially leading to session hijacking or malicious actions performed on behalf of the user.
Is MoinMoin still maintained to address vulnerabilities like CVE-2008-3381?
MoinMoin has ongoing support, but it's essential to use the latest versions to ensure all known vulnerabilities, including CVE-2008-3381, are patched.
- agent/type
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/references
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-q7q4-5g8p-33fq
- alias/CVE-2008-3381
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- collector/github-advisory
- agent/trending
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- package-manager/pip
- vendor/moinmoin
- canonical/mastodon
- version/mastodon/1.6.3
- version/mastodon/1.7.0