Moderate severityNVD Advisory· Published Apr 29, 2009· Updated Apr 23, 2026

CVE-2009-1482

Description

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
moinPyPI	< 1.8.3	1.8.3

Affected products

Moinmo/Moinmoin
cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*
Moinmoin/Moinmoin39 versions
cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*+ 38 more
- cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*range: <=1.8.2
- cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmoin:moinmoin:1.8.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

moinmo.in/SecurityFixesnvdPatchVendor AdvisoryWEB
hg.moinmo.in/moin/1.8/rev/5f51246a4df1nvdExploitWEB
secunia.com/advisories/34821nvdVendor Advisory
www.vupen.com/english/advisories/2009/1119nvdVendor Advisory
github.com/advisories/GHSA-4pfg-2frf-f67vghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2009-1482ghsaADVISORY
www.debian.org/security/2009/dsa-1791nvdWEB
www.ubuntu.com/usn/USN-774-1nvdWEB
exchange.xforce.ibmcloud.com/vulnerabilities/50356nvdWEB
github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2009-6.yamlghsaWEB
web.archive.org/web/20140724194431/http://secunia.com/advisories/34945ghsaWEB
web.archive.org/web/20140803154414/http://secunia.com/advisories/35024ghsaWEB
web.archive.org/web/20140805081742/http://secunia.com/advisories/34821ghsaWEB
web.archive.org/web/20200301062001/http://www.securityfocus.com/bid/34631ghsaWEB
secunia.com/advisories/34945nvd
secunia.com/advisories/35024nvd
www.securityfocus.com/bid/34631nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000