http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2423 "Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857."
And once again, no patch to be found anywhere... not to mention half the reports mentionning "PHP" or "index.php" vulnerability... *sigh*
Debian has a really great MoinMoin package, and seems to track upstream really closely. I've reviewed, included and tested 4 security patches from Debian, which should fix CVE-2007-0857, CVE-2007-0901, CVE-2007-0902 and CVE-2007-2423 (and other security bugs too). I've updated F7,6,5 and EL5,4 branches (all current).