
CVE-2012-6082

Published: 3 January 2013

Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in an RSS link.

Priority

Medium

Status

Package: moin (Launchpad, Ubuntu, Debian)

Release    Status
hardy      Ignored (reached end-of-life)
lucid      Not vulnerable
oneiric    Not vulnerable
precise    Not vulnerable
quantal    Not vulnerable (1.9.3-1ubuntu3.1)
raring     Released (1.9.5-4ubuntu1)
upstream   Released (1.9.5-4)

Patches:
upstream: http://hg.moinmo.in/moin/1.9/rev/c98ec456e493

Notes

Author: jdstrand
Note: page.page_name not used in rsslink() in Ubuntu 12.10 and lower. Introduced with http://hg.moinmo.in/moin/1.9/rev/f7a570f3c1cb (Ubuntu 13.04 only)
