Moderate severityNVD Advisory· Published Jul 30, 2008· Updated Apr 23, 2026

CVE-2008-3381

Description

Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
moinPyPI	< 1.6.4	1.6.4
moinPyPI	>= 1.7.0, < 1.7.1	1.7.1

Affected products

Moinmoin/Moinmoin2 versions
cpe:2.3:a:moinmoin:moinmoin:1.6.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:moinmoin:moinmoin:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

hg.moinmo.in/moin/1.6/rev/8686a10f1f58nvdExploitWEB
hg.moinmo.in/moin/1.7/rev/383196922b03nvdExploitWEB
moinmo.in/SecurityFixesnvdExploitWEB
secunia.com/advisories/31135nvdVendor AdvisoryWEB
github.com/advisories/GHSA-q7q4-5g8p-33fqghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2008-3381ghsaADVISORY
www.securityfocus.com/bid/30297nvdWEB
www.vupen.com/english/advisories/2008/2147/referencesnvdWEB
exchange.xforce.ibmcloud.com/vulnerabilities/43899nvdWEB
github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2008-13.yamlghsaWEB
web.archive.org/web/20090522153829/http://hg.moinmo.in/moin/1.7/raw-file/1.7.1/docs/CHANGESghsaWEB
web.archive.org/web/20100207003615/http://hg.moinmo.in/moin/1.6/raw-file/1.6.4/docs/CHANGESghsaWEB
web.archive.org/web/20100608030052/http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58ghsaWEB
web.archive.org/web/20100608030059/http://hg.moinmo.in/moin/1.7/rev/383196922b03ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000