CVE-2017-5934

unknown

Published 2019-01-04 · Modified 2023-11-08

CVSS v3

—

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

VIR risk

—

Description

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Predictions

Exploit likelihood

30%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Package impact

Ecosystem	Package	Vulnerable	Fixed
PyPI	moin	`<1.9.10`	`1.9.10`
PyPI	moin	`<70955a8eae091cc88fd9a6e510177e70289ec024\|\|<1.9.10`	`70955a8eae091cc88fd9a6e510177e70289ec024`

References

https://nvd.nist.gov/vuln/detail/CVE-2017-5934
https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024
https://github.com/moinwiki/moin-1.9
https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2018-47.yaml
https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html
https://usn.ubuntu.com/3794-1
https://www.debian.org/security/2018/dsa-4318
http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html
http://moinmo.in/SecurityFixes
https://usn.ubuntu.com/3794-1/
https://github.com/advisories/GHSA-42fp-4hm3-j8r7

💬 Discuss CVE-2017-5934 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.