MoinMoin "User-Agent" Script Insertion Vulnerability


Description   A vulnerability has been reported in MoinMoin, which can be exploited by malicious people to conduct script insertion attacks.
Input passed via the "User-Agent" HTTP header is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is viewed.
The vulnerability is reported in versions prior to 1.9.7.
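
As an added example (not MoinMoin's code or its 1.9.7 fix), the Python sketch below shows the two defensive sides of this issue: scanning access-log lines for User-Agent values that carry markup, and HTML-encoding the value before it is written into a page. The log lines are constructed, and the function names and the `<td>` output context are assumptions.

```python
import html
import re

# Constructed access-log lines (Apache combined format), not from a real system.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Aug/2014:10:00:01 +0000] "GET /FrontPage HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/31.0"',
    '203.0.113.9 - - [21/Aug/2014:10:00:07 +0000] "GET /FrontPage HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 <script>alert(1)</script>"',
    '203.0.113.9 - - [21/Aug/2014:10:00:09 +0000] "GET /FrontPage HTTP/1.1" '
    '200 5120 "-" "x\\" onmouseover=\\"alert(1)"',
]

# Last quoted field on the line; backslash-escaped characters stay inside it.
UA_FIELD = re.compile(r'"((?:[^"\\]|\\.)*)"\s*$')
# Heuristic: characters an HTML parser acts on and a browser UA rarely contains.
MARKUP_CHARS = re.compile(r'[<>"]')


def extract_user_agent(line):
    """Return the logged User-Agent with log escaping undone, or None."""
    match = UA_FIELD.search(line)
    if match is None:
        return None
    # Undo backslash escaping of quotes and backslashes written by the logger.
    return re.sub(r'\\(.)', r'\1', match.group(1))


def scan(lines):
    """Return (line_number, user_agent) for entries whose UA contains markup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        ua = extract_user_agent(line)
        if ua is not None and MARKUP_CHARS.search(ua):
            hits.append((number, ua))
    return hits


def render_user_agent(ua):
    """Encode the value for HTML output; quote=True also covers attributes."""
    return '<td>' + html.escape(ua, quote=True) + '</td>'


if __name__ == '__main__':
    for number, ua in scan(SAMPLE_LOG):
        print(number, render_user_agent(ua))
```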
     
Vulnerable Products   Vulnerable Software:
MoinMoin 1.x
     
Solution   Update to version 1.9.7.
     
CVE  
     
References   http://moinmo.in/SecurityFixes
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm   Code injection in HTTP User-Agent detected
Available Since   4.1.2

Risk level   Moderate

Vulnerability First Public Report Date   2014-08-21

Target Type   Client

Possible exploit   Remote