Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0260 to the following vulnerability:
Multiple cross-site scripting (XSS) vulnerabilities in
action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers
to inject arbitrary web script or HTML via an AttachFile action to the
WikiSandBox component with (1) the rename parameter or (2) the drawing
parameter (aka the basename variable).
Fixed upstream in 1.7.3 and 1.8.1.
Upstream patch (1.7.x and 1.8.x):
Both flaws seem to exist in 1.6.x as well. Upstream does not longer support 1.6 branch.
moin-1.6.4-1.fc10 has been submitted as an update for Fedora 10.
moin-1.6.4-1.fc9 has been submitted as an update for Fedora 9.
moin-1.6.4-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
moin-1.6.4-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
As the update has been pushed and it was approved by the security team, I'll close this bug. If something related to this vulnerability has not been fixed, please reopen this bug report.