Red Hat Bugzilla – Bug 438658
CVE-2008-1098: moin multiple XSS issues
Last modified: 2009-04-15 22:57:40 EDT
"Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and
earlier allow remote attackers to inject arbitrary web script or HTML via (1)
certain input processed by formatter/text_gedit.py (aka the gui editor
formatter); (2) a page name, which triggers an injection in PageEditor.py when
the page is successfully deleted by a victim in a DeletePage action; or (3) the
destination page name for a RenamePage action, which triggers an injection in
PageEditor.py when a victim's rename attempt fails because of a duplicate name."
F-7, F-8, EPEL-4 and EPEL-5 have 1.5.8 in CVS. Should be fixed upstream in
1.5.9; links to fixes are at http://moinmo.in/SecurityFixes
moin-1.5.9-1.fc8 has been submitted as an update for Fedora 8
moin-1.5.9-1.fc7 has been submitted as an update for Fedora 7
moin-1.5.9-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
moin-1.5.9-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
I've taken over as the new moin maintainer. This bug could probably be closed, as 1.5.9 or higher is in all active branches?
Yes, you're right. I'll close it.