CVE-2011-1058

Moinmoin < 1.9.2 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.

References (14)

[Patch, Vendor Advisory] http://moinmo.in/SecurityFixes

[Vendor Advisory] http://secunia.com/advisories/43413

[Vendor Advisory] http://www.ubuntu.com/usn/USN-1604-1

[Vendor Advisory] http://www.vupen.com/english/advisories/2011/0455

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/65545

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/46476

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html

[Third Party Advisory] http://www.debian.org/security/2011/dsa-2321

[Third Party Advisory] http://secunia.com/advisories/43665

[Third Party Advisory] http://secunia.com/advisories/50885

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0571

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0588

Scores

EPSS 0.0061

EPSS Percentile 69.4%

Classification

CWE

CWE-79

Status draft

Affected Products (50)

moinmo/moinmoin < 1.9.2

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

... and 35 more

Timeline

Published Feb 22, 2011

Tracked Since Feb 18, 2026