Launchpad.net

CVE 2011-1058

Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2011-1058 (Candidate) is related to these bugs:

Bug #1046616: FFe: Please merge moin 1.9.4-8 (main) from Debian unstable

Summary				In	Importance	Status
	1046616	FFe: Please merge moin 1.9.4-8 (main) from Debian unstable		moin (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://moinmo.in/Secur...
SECUNIA: 43413
VUPEN: ADV-2011-0455
FEDORA: FEDORA-2011-2156
FEDORA: FEDORA-2011-2157
FEDORA: FEDORA-2011-2219
BID: 46476
SECUNIA: 43665
VUPEN: ADV-2011-0571
VUPEN: ADV-2011-0588
DEBIAN: DSA-2321
UBUNTU: USN-1604-1
SECUNIA: 50885
XF: moinmoin-refuri-xss(65...