Tilmann Haak

**Name of the Vulnerable Software and Affected Versions** XML::LibXML versions prior to 2.0119 **Description** The issue allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the `new` or `load xml` function. This is due to the ` clone` function not properly setting the `expand entities` option. **Recommendations** For XML::LibXML versions prior to 2.0119, update to version 2.0119 or later to resolve the issue. As a temporary workaround, consider disabling the ` clone` function or restricting the use of the `new` and `load xml` functions until a patch is available. Avoid using these functions with untrusted XML data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MoinMoin versions 1.9.5 through 1.9.5 MoinMoin versions prior to 1.9.6 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the rsslink function, located in theme/ init .py. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the page name in an RSS link. **Recommendations** For MoinMoin version 1.9.5, update to version 1.9.6 or later. For MoinMoin versions prior to 1.9.6, update to version 1.9.6 or later. As a temporary workaround, consider restricting access to the rsslink function in theme/ init .py to minimize the risk of exploitation.