FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

moinmoin -- cross-site scripting via RST parser

Affected packages
moinmoin < 1.9.4

Details

VuXML ID 4a8a98ab-f745-11e1-8bd8-0022156e8794
Discovery 2011-02-21
Entry 2012-09-05

MITRE CVE team reports:

Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.4, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute.

References

Bugtraq ID 46476
CVE Name CVE-2011-1058
URL http://moinmo.in/SecurityFixes