Moderate severityNVD Advisory· Published Feb 8, 2007· Updated Apr 23, 2026

CVE-2007-0857

Description

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
moinPyPI	< 1.5.7	1.5.7

Affected products

Moinmoin/Moinmoin11 versions
cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*range: <=1.5.6
- cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/24096nvdPatchVendor AdvisoryWEB
github.com/advisories/GHSA-m84w-vgwf-p893ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2007-0857ghsaADVISORY
moinmoin.wikiwikiweb.de/MoinMoinRelease1.5/CHANGESnvdWEB
osvdb.org/31871nvdWEB
osvdb.org/31872nvdWEB
osvdb.org/31873nvdWEB
secunia.com/advisories/24117nvdWEB
www.osvdb.org/31874nvdWEB
www.securityfocus.com/bid/22506nvdWEB
www.ubuntu.com/usn/usn-421-1nvdWEB
www.vupen.com/english/advisories/2007/0553nvdWEB
exchange.xforce.ibmcloud.com/vulnerabilities/32377nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000