PT-2011-2843 · Moinmoin · Moinmoin

Published

2011-02-22

Updated

2022-05-17

CVE-2011-1058

CVSS v4.0

5.1

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions MoinMoin versions prior to 1.9.3

Description A cross-site scripting (XSS) issue exists in the reStructuredText (rst) parser, allowing remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute when docutils is installed or when "format rst" is set.

Recommendations For versions prior to 1.9.3, update to version 1.9.3 or later to resolve the issue. As a temporary workaround, consider disabling the use of the refuri attribute in the reStructuredText parser until a patch is available. Restrict access to the reStructuredText parser to minimize the risk of exploitation. Avoid using the refuri attribute with javascript: URLs in the affected API endpoints until the issue is resolved.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2011-1058

DSA-2321-1

GHSA-M9J7-XCJ7-42J9

PYSEC-2011-6

Affected Products

Moinmoin

PT-2011-2843 · Moinmoin · Moinmoin

CVE-2011-1058

Weakness Enumeration

Related Identifiers

Affected Products

References · 25