漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting (XSS) vulnerabilities.
漏洞危害
With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
解决方案
Refer to Ubuntu advisory USN-3137-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3137-1: 14.04 (Kylin) on src (python-moinmoin)
USN-3137-1: 16.10 (Yakkety) on src (python-moinmoin)
0day
文章评论