CVE-2011-1058

Name of the Vulnerable Software and Affected Versions MoinMoin versions prior to 1.9.3

Description A cross-site scripting (XSS) issue exists in the reStructuredText (rst) parser, allowing remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute when docutils is installed or when "format rst" is set.

Recommendations For versions prior to 1.9.3, update to version 1.9.3 or later to resolve the issue. As a temporary workaround, consider disabling the use of the refuri attribute in the reStructuredText parser until a patch is available. Restrict access to the reStructuredText parser to minimize the risk of exploitation. Avoid using the refuri attribute with javascript: URLs in the affected API endpoints until the issue is resolved.