Red Hat Bugzilla – Bug 482791
CVE-2009-0312 moin: XSS issue in antispam
Last modified: 2016-03-04 06:28:54 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0312 to the following vulnerability:
Cross-site scripting (XSS) vulnerability in the antispam feature
(security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote
attackers to inject arbitrary web script or HTML via crafted,
Upstream commits (1.7.x and 1.8.x):
Seems to affect 1.6.3 currently in Fedora too.
moin-1.6.4-1.fc10 has been submitted as an update for Fedora 10.
moin-1.6.4-1.fc9 has been submitted as an update for Fedora 9.
moin-1.6.4-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
moin-1.6.4-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This looks to also affect moin 1.5.9 in EPEL4 and 5 (util/antispam.py). Can this be corrected there as well?