CVE-2016-7148

Name of the Vulnerable Software and Affected Versions MoinMoin version 1.9.8

Description The issue allows remote attackers to conduct JavaScript injection attacks by using the page creation approach, related to a Cross Site Scripting (XSS) issue affecting the action=AttachFile component via page name.

Recommendations For MoinMoin version 1.9.8, consider restricting access to the action=AttachFile component until a patch is available. As a temporary workaround, avoid using the page creation approach to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.