Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: MoinMoin Wiki (XSS in rss link)
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 29 Dec 2012 20:41:01 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/29/2012 07:37 AM, Tilmann Haak wrote:
Hi all,

there is an XSS issue in MoinMoin wiki, version 1.9.5. Function 
rsslink() in "theme/__init__.py" does not properly escape the page
name parameter.

Details can be found at: http://moinmo.in/SecurityFixes

A fix is available at:
http://hg.moinmo.in/moin/1.9/rev/c98ec456e493

Could you please assign a CVE number?

kind regards, Tilmann


Please use CVE-2012-6082 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ37fNAAoJEBYNRVNeJnmTpYEP/A0cs4VB2U3aUQE03Toh7cHH
j0hjXhMRImATSDwI61qay9CUOhm1Hr5G0bNXs7XWGy95wGaxOzX62i241dpWa7Bf
qj1sWwDH960ZiVx9712B7Gxab6kVeQjpluBLqcpwazilh4mPjwES5a0AZuQbS0nw
DrjbDvXs/bWFGLZf8PnQ/CWZWVOiO/4pXn8dcWaz2FA7ZwPK8FMn7gp5BvZAlzpI
ruxOGpCJ5UiFgMFht/x8rk4HPf+vYnDbO5H9dvf68JyzTTG1klxqFSSYD5aEilLi
P8WXL4Rfjmu/XPasW20tnPMmZq8720QU+jmuARNGAEpsKwE2aDdxk+qiJ12I4UYu
HRHMsMEyvmPTrkGiwTx0ELoTwPTF8XASX6LhSir+tc/yO3Z5Rv+RzfIr1hUWj197
NYk30W/m2XTJOWBc+hgLtmqMxJXwbcmRfdbribpok7O/pxVFToWufPui0uuQLuBg
N90wgaFgGTVE1Zig6sWhzRSRtSgB6vngMDxNr4TTLXyij/jRZprN3Pj0miLCvyay
lqP8+XNKC13yvSG+1rioHYVaoh7FlORHxTE2jLiQzaNWxoyNFlSTb0U4fGgDo8XC
4YrAKZxQqGD1yK7pzeMUwhd159U6PGDH/cOr6gffmH2trp3oj2C9zml/BaZj5vJn
teeSNebc390umJaM+HUm
=kR7s
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault