CVE-2011-1058
Published 2011-02-22
CVE-2011-1058: Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or…
Priority: P49 · low · 2.6 (CVSS 2.0)
AV:N/AC:H/Au:N/C:N/I:P/A:N
EPSS: 2.52% (82.8th percentile)
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.
Affected
55 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | <= 1.9.2 | — |
CVSS provenance
nvd · v2.0 · 2.6 LOW · AV:N/AC:H/Au:N/C:N/I:P/A:N
vendor_ubuntu · 2.6 LOW
OSV
MoinMoin Cross-site Scripting (XSS) vulnerability
osv·2022-05-17
CVE-2011-1058 [MEDIUM] MoinMoin Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in `parser/text_rst.py` in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.
GHSA
MoinMoin Cross-site Scripting (XSS) vulnerability
ghsa·2022-05-17
CVE-2011-1058 [MEDIUM] CWE-79 MoinMoin Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in `parser/text_rst.py` in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.
OSV
CVE-2011-1058: Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst
osv·2011-02-22
CVE-2011-1058 CVE-2011-1058: Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.
Ubuntu
MoinMoin vulnerabilities
vendor_ubuntu·2012-10-11·CVSS 2.6
CVE-2011-1058 [LOW] MoinMoin vulnerabilities
Title: MoinMoin vulnerabilities
Summary: Several security issues were fixed in MoinMoin.
It was discovered that MoinMoin did not properly sanitize certain input,
resulting in a cross-site scripting (XSS) vulnerability. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same
domain. (CVE-2011-1058)
It was discovered that MoinMoin incorrectly handled group names that
contain virtual group names such as "All", "Known" or "Trusted". This could
result in a remote user having incorrect permissions. (CVE-2012-4404)
Instructions: In general, a standard system update will make all the necessary changes.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-1058 MoinMoin: XSS in the rst parser
bugzilla·2011-02-22·CVSS 2.6
CVE-2011-1058 [LOW] CVE-2011-1058 MoinMoin: XSS in the rst parser
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1058 to
the following vulnerability:
Cross-site scripting (XSS) vulnerability in the rst parser in
parser/text_rst.py in MoinMoin before 1.9.3, when docutils is
installed or when "format rst" is set, allows remote attackers to
inject arbitrary web script or HTML via a javascript: URL.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1058
[2] http://moinmo.in/SecurityFixes
Relevant changeset:
[3] http://hg.moinmo.in/moin/1.9/rev/97208f67798f
Discussion:
This issue affects the versions of the moin package, as shipped with
Fedora release of 13 and 14.
Please schedule an update.
--
This issue did NOT affect the versions of the moin package, as presen
Bugzilla
CVE-2011-1058 MoinMoin: XSS in the rst parser [fedora-all]
bugzilla·2011-02-22·CVSS 2.6
CVE-2011-1058 [LOW] CVE-2011-1058 MoinMoin: XSS in the rst parser [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=679523
Please note: this issue affects multiple supported versi
References
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/43413
http://secunia.com/advisories/43665
http://secunia.com/advisories/50885
http://www.debian.org/security/2011/dsa-2321
http://www.securityfocus.com/bid/46476
http://www.ubuntu.com/usn/USN-1604-1
http://www.vupen.com/english/advisories/2011/0455
http://www.vupen.com/english/advisories/2011/0571
http://www.vupen.com/english/advisories/2011/0588
https://exchange.xforce.ibmcloud.com/vulnerabilities/65545
2011-02-22
Published