GoogleOSV:PYSEC-2011-6

HistoryFeb 22, 2011 - 6:00 p.m.

PYSEC-2011-6

2011-02-2218:00:00

Google

osv.dev

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.1%

JSON

Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when “format rst” is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
moineq1.9.2
moineq1.8.7
moineq1.8.6
moineq1.9.0
moineq1.8.5
moineq1.9.1
moineq1.8.4

Name	Operator	Version
moin	eq	1.9.2
moin	eq	1.8.7
moin	eq	1.8.6
moin	eq	1.9.0
moin	eq	1.8.5
moin	eq	1.9.1
moin	eq	1.8.4

References

lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html

moinmo.in/SecurityFixes

secunia.com/advisories/43413

secunia.com/advisories/43665

secunia.com/advisories/50885

www.debian.org/security/2011/dsa-2321

www.securityfocus.com/bid/46476

www.ubuntu.com/usn/USN-1604-1

www.vupen.com/english/advisories/2011/0455

www.vupen.com/english/advisories/2011/0571

www.vupen.com/english/advisories/2011/0588

exchange.xforce.ibmcloud.com/vulnerabilities/65545

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.1%

JSON

Related for OSV:PYSEC-2011-6