A cross-site scripting vulnerability was found in moin in GUI editor's link dialogue. Upstream patch: http://hg.moinmo.in/moin/1.9/rev/3bddf075fdbd
Created moin tracking bugs for this issue: Affects: fedora-all [bug 1395200] Affects: epel-all [bug 1395201]
Hi Andrej This was fixed in 1.9.9, I checked MoinMoin/action/fckdialog.py , it has the escaped variables. 1.9.9 is currently in (fedora|epel)-testing.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.