CVE-2011-1058Cross-site Scripting in Moinmoin

CWE-79Cross-site Scripting7 documents5 sources
Severity
2.6LOWNVD
EPSS
0.6%
top 30.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Moinmo Moinmoin
Timeline
PublishedFeb 22
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

NVDmoinmo/moinmoin1.9.2+54

Patches

Patch: moinmo.inPatch: moinmo.in

🔴Vulnerability Details

3
OSV
MoinMoin Cross-site Scripting (XSS) vulnerability2022-05-17
GHSA
MoinMoin Cross-site Scripting (XSS) vulnerability2022-05-17
OSV
CVE-2011-1058: Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst2011-02-22

📋Vendor Advisories

1
Ubuntu
MoinMoin vulnerabilities2012-10-11

💬Community

2
Bugzilla
CVE-2011-1058 MoinMoin: XSS in the rst parser2011-02-22
Bugzilla
CVE-2011-1058 MoinMoin: XSS in the rst parser [fedora-all]2011-02-22
CVE-2011-1058 — Cross-site Scripting in Moinmo Moinmoin | cvebase