Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3381 to the following vulnerability: Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Upstream patches (1.6 and 1.7 branches): http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58 http://hg.moinmo.in/moin/1.7/rev/383196922b03 References: http://moinmo.in/SecurityFixes#moin1.6.3 http://secunia.com/advisories/31135
There's no MoinMoin/macro/AdvancedSearch.py in moin 1.5.9 in F-8, so it's probably unaffected.
moin-1.6.4-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/moin-1.6.4-1.fc10
moin-1.6.4-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/moin-1.6.4-1.fc9
moin-1.6.4-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
moin-1.6.4-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
I'm closing this bug because the fix has been pushed and the update had security team approval. Please reopen if something related to this vulnerability is not fixed.