CVE-2012-6082

Published: 03 January 2013

Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in an RSS link.

Priority

Medium

Status

Package: moin (Launchpad, Ubuntu, Debian)
Release: Upstream
Status: Released (1.9.5-4)
Patches:
Upstream: http://hg.moinmo.in/moin/1.9/rev/c98ec456e493

Notes

Author: jdstrand
Note: page.page_name not used in rsslink() in Ubuntu 12.10 and lower.
Introduced with http://hg.moinmo.in/moin/1.9/rev/f7a570f3c1cb (Ubuntu 13.04 only)
