MoinMoin · MoinMoin · CVE-2020-15275
Name of the Vulnerable Software and Affected Versions:
MoinMoin versions prior to 1.9.11
Description:
MoinMoin does not adequately neutralize active content in uploaded SVG files, so an uploaded SVG can be used for cross-site scripting. An attacker with `write` permissions can upload an SVG file containing malicious JavaScript, which is executed in a user's browser when that user views the SVG file. This can impact the integrity of the data.
Recommendations:
Upgrade any version prior to 1.9.11 to MoinMoin Wiki 1.9.11, which contains the necessary fixes. As a temporary workaround, restrict `write` permissions to trusted users only. Implementing a Content Security Policy in the web server might also serve as a workaround, but upgrading to a patched version is strongly advised.
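Upgrading does not remove SVG files that were uploaded earlier, so a review of existing attachments is a useful complement. The following is an added example, not code from MoinMoin or from this advisory: a heuristic triage check that reports why an SVG could run script in a browser. The function names, the sample SVGs and the list of flagged elements are assumptions made for illustration, and the check is not a sanitizer.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the advisory).
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SCRIPT_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
              b'<script>alert(1)</script></svg>')
HANDLER_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
               b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="x()">'
               b'<a xlink:href=" JavaScript:x()"><text>t</text></a></svg>')

# Elements that run script or embed arbitrary HTML inside an SVG document.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}


def local(name):
    """Drop the '{namespace}' prefix ElementTree adds to tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(data):
    """Return sorted reasons why this SVG could execute script in a browser."""
    # Reject entity declarations before parsing: they can hide markup from
    # the checks below and can be used for entity-expansion attacks.
    if re.search(rb"<!ENTITY", data, re.I):
        return ["entity declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    found = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            found.add("element <%s>" % tag)
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                found.add("event handler %s" % name)
            # Browsers strip leading whitespace and embedded tabs/newlines.
            scheme = re.sub(r"[\s\x00-\x1f]", "", value).lower()
            if name == "href" and scheme.startswith("javascript:"):
                found.add("scripted URL in href")
    return sorted(found)


if __name__ == "__main__":
    for path in sys.argv[1:]:  # attachment file paths supplied by the operator
        with open(path, "rb") as fh:
            print(path, svg_findings(fh.read()) or "no findings")
```

Run it with the paths of the wiki's stored `.svg` attachments as arguments; any file with findings deserves manual review before it is served again.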