XSS in Moinmo Moinmoin
CVE-2012-6082
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (61.5th percentile) — read the EPSS interpretation.
Affected products
- Moinmo Moinmoin — versions 1.9.5
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_CONFIRM)
- 51663 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- [oss-security] 20121229 Re: CVE request: MoinMoin Wiki (XSS in rss link) (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
- 57089 (vdb-entry, x_refsource_BID)
- [oss-security] 20121229 CVE request: MoinMoin Wiki (XSS in rss link) (mailing-list, x_refsource_MLIST)