10 matches found
GHSA-JHXW-4HW4-MHH7 MoinMoin improper access control on the included page for the rst parser
The rst parser (parser/textrst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors...
MoinMoin improper access control on the included page for the rst parser
The rst parser (parser/textrst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors...
CVE-2022-23602 Nim's rst parser sandboxed mode allows include which can embed any local file
Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This can also be done silently by using NimForum'...
Paragon Initiative Enterprises: [Airship CMS] Local File Inclusion - RST Parser
Airship uses the very useful RST Parser from Gregwar. However, the parser has the RST directive include built-in (why it isn't a separate directive per the spec, I don't know). However, as a result, LFI is possible in Airship. I realize this isn't directly Paragonie's code, but since Airship uses...
FreeBSD : moinmoin -- XSS via RST parser (4a8a98ab-f745-11e1-8bd8-0022156e8794)
MITRE CVE team reports: Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/textrst.py in MoinMoin before 1.9.4, when docutils is installed or when 'format rst' is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the...
Moinmoin Cross Site Scripting
Hi, I reported the xss in moinmoin which is made possible via the RST parser / mark-up. Here is a demonstration / proof of concept of abusing the refuri via a javascript link. !rst "NotMe " , "MORELOL" Information about CVE-2011-1058 can also be found at...
Fedora 15 : moin-1.9.3-4.fc15 (2011-2219)
Bug 679523 - CVE-2011-1058 MoinMoin: XSS in the rst parser Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
moinmoin -- cross-site scripting via RST parser
MITRE CVE team reports: Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/textrst.py in MoinMoin before 1.9.4, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refu...
PYSEC-2009-11
The rst parser (parser/textrst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors...
CVE-2008-6548
The rst parser (parser/textrst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors...