Home page logo

oss-sec logo oss-sec mailing list archives

XSLT issue in MoinMoin
From: Nicolas Grégoire <nicolas.gregoire () agarri fr>
Date: Tue, 24 Jan 2012 21:07:03 +0100


some vulnerabilities have been published with version 1.9.3 of
MoinMoin : http://moinmo.in/SecurityFixes

The XSS already has a CVE but not the XSLT issue. This issue is very
similar to CVE-2012-0057 patched in PHP 5.3.9 (except the XSLT engine
which is here '4Suite').

The patch is simply a documentation update, given that 4Suite (afaik)
doesn't allow to desactivate its extensions :

Nicolas Grégoire

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]