{"id":"PYSEC-2010-2","details":"MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.","aliases":["CVE-2010-0669","GHSA-977v-29j9-9rxc"],"modified":"2024-04-29T12:11:29.113620Z","published":"2010-02-26T19:30:00Z","references":[{"type":"WEB","url":"http://moinmo.in/MoinMoinRelease1.8"},{"type":"ADVISORY","url":"http://secunia.com/advisories/38444"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2010/02/15/4"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2010/02/15/2"},{"type":"WEB","url":"http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES"},{"type":"WEB","url":"http://www.securityfocus.com/bid/38023"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2010/02/21/2"},{"type":"WEB","url":"http://moinmo.in/SecurityFixes"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/0600"},{"type":"ADVISORY","url":"http://www.debian.org/security/2010/dsa-2014"},{"type":"ADVISORY","url":"http://secunia.com/advisories/38903"}],"affected":[{"package":{"name":"moin","ecosystem":"PyPI","purl":"pkg:pypi/moin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.7"},{"introduced":"1.9"},{"fixed":"1.9.2"}]}],"versions":["1.8.4","1.8.5","1.8.6","1.9.0","1.9.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2010-2.yaml"}}],"schema_version":"1.7.3"}