Lucene search

K
packetstormDave bPACKETSTORM:98983
HistoryMar 06, 2011 - 12:00 a.m.

Moinmoin Cross Site Scripting

2011-03-0600:00:00
dave b
packetstormsecurity.com
19

0.003 Low

EPSS

Percentile

71.1%

`Hi, I reported the xss in moinmoin which is made possible via the RST  
parser / mark-up.  
Here is a demonstration / proof of concept of abusing the refuri via a  
javascript link.  
  
{{{#!rst  
"`NotMe <javascript:alert(1)>`_" , "MORELOL"  
}}}  
  
  
  
Information about CVE-2011-1058 can also be found at  
http://secunia.com/advisories/cve_reference/CVE-2011-1058/  
`