FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-1058

This CVE name corresponds to:

Entered Topic
2012-09-05 moinmoin -- cross-site scripting via RST parser

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-1058
Phase Assigned(20110221)

Description

Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.

References

Source Reference
CONFIRM http://moinmo.in/SecurityFixes
DEBIAN DSA-2321
FEDORA FEDORA-2011-2156
FEDORA FEDORA-2011-2157
FEDORA FEDORA-2011-2219
UBUNTU USN-1604-1
BID 46476
SECUNIA 43413
SECUNIA 43665
SECUNIA 50885
VUPEN ADV-2011-0455
VUPEN ADV-2011-0571
VUPEN ADV-2011-0588
XF moinmoin-refuri-xss(65545)