CVE-2016-7146

Name of the Vulnerable Software and Affected Versions MoinMoin version 1.9.8

Description The issue allows remote attackers to conduct JavaScript injection attacks by using the page creation or crafted URL approach, related to a Cross Site Scripting (XSS) issue affecting the "action=fckdialog&dialog=attachment" component via page name.

Recommendations For MoinMoin version 1.9.8, consider disabling the action=fckdialog&dialog=attachment component as a temporary workaround until a patch is available. Restrict access to the page creation feature to minimize the risk of exploitation. Avoid using crafted URLs that could trigger the XSS issue until the problem is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.