moin -- missing input sanitization

2010-08-02T00:00:00
ID DSA-2083
Type debian
Reporter Debian
Modified 2010-08-02T00:00:00

Description

It was discovered that moin, a python clone of WikiWiki, does not sufficiently sanitize parameters when passing them to the add_msg function. This allows a remote attackers to conduct cross-site scripting (XSS) attacks for example via the template parameter.

For the stable distribution (lenny), this problem has been fixed in version 1.7.1-3+lenny5.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1.9.3-1.