CVE-2011-1058

Published: 22 February 2011

Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.

Priority

Low

Status

Package Release Status
moin
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.3-3)
Patches:
Upstream: http://hg.moinmo.in/moin/1.9/rev/97208f67798f
Vendor: http://www.debian.org/security/2011/dsa-2321