Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1058 to the following vulnerability: Cross-site scripting (XSS) vulnerability in the rst parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL. References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1058 [2] http://moinmo.in/SecurityFixes Relevant changeset: [3] http://hg.moinmo.in/moin/1.9/rev/97208f67798f
This issue affects the versions of the moin package, as shipped with Fedora release of 13 and 14. Please schedule an update. -- This issue did NOT affect the versions of the moin package, as present within EPEL-4 and EPEL-5 repositories.
Created moin tracking bugs for this issue Affects: fedora-all [bug 679524]
Updates are in testing, for example https://admin.fedoraproject.org/updates/moin-1.9.3-4.fc13
Updates are in stable now, closing.