It was discovered that the AttachFile action in moin, a python clone of WikiWiki, is prone to cross-site scripting attacks when renaming attachements or performing other sub-actions.
The oldstable distribution (etch) is not vulnerable.
For the stable distribution (lenny), this problem has been fixed in version 1.7.1-3+lenny2.
For the testing (squeeze) distribution and the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your moin packages.