Moderate severityNVD Advisory· Published Aug 5, 2010· Updated Apr 29, 2026
CVE-2010-2970
CVE-2010-2970
Description
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
MoinPyPI | >= 1.9.0, < 1.9.3 | 1.9.3 |
Affected products
3Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsgnvdVendor AdvisoryWEB
- moinmo.in/SecurityFixesnvdVendor AdvisoryWEB
- secunia.com/advisories/40836nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1981nvdVendor Advisory
- github.com/advisories/GHSA-gxh5-r8gp-pjc3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2010-2970ghsaADVISORY
- bugs.debian.org/cgi-bin/bugreport.cginvdWEB
- hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGESnvdWEB
- hg.moinmo.in/moin/1.9/rev/4fe9951788cbnvdWEB
- hg.moinmo.in/moin/1.9/rev/e50b087c4572nvdWEB
- marc.infonvdWEB
- marc.infonvdWEB
- moinmo.in/MoinMoinRelease1.9nvdWEB
- www.debian.org/security/2010/dsa-2083nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-18.yamlghsaWEB
- web.archive.org/web/20140801154518/http://secunia.com/advisories/40836ghsaWEB
- web.archive.org/web/20200228150629/http://www.securityfocus.com/bid/40549ghsaWEB
- www.securityfocus.com/bid/40549nvd
News mentions
0No linked articles in our index yet.