Description
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (6)
Core 6
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4318
Release Notes, Vendor Advisory x_refsource_confirm
http://moinmo.in/SecurityFixes
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3794-1/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html
Scores
CVSS v3
6.1
EPSS
0.0065
EPSS Percentile
71.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (9)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
debian/debian_linux
8.0
debian/debian_linux
9.0
moinmo/moinmoin
< 1.9.10
opensuse/leap
15.0
opensuse/leap
42.3
pypi/moin
0 - 1.9.10PyPI
Published
Oct 15, 2018
Tracked Since
Feb 18, 2026