CVE-2011-1058 Information
Description
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3 when docutils is installed or when \format rst\ is set allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html http://moinmo.in/SecurityFixes http://secunia.com/advisories/43413 http://secunia.com/advisories/43665 http://secunia.com/advisories/50885 http://www.debian.org/security/2011/dsa-2321 http://www.securityfocus.com/bid/46476 http://www.ubuntu.com/usn/USN-1604-1 http://www.vupen.com/english/advisories/2011/0455 http://www.vupen.com/english/advisories/2011/0571 http://www.vupen.com/english/advisories/2011/0588 https://exchange.xforce.ibmcloud.com/vulnerabilities/65545
Share on: