MoinMoin Wiki (XSS in rss link) | BOT24

MoinMoin Wiki (XSS in rss link)


There is an XSS issue in MoinMoin wiki, version 1.9.5. Function
rsslink() in "theme/__init__.py" does not properly escape the page name
parameter.

Details can be found at: http://moinmo.in/SecurityFixes

A fix is available at: http://hg.moinmo.in/moin/1.9/rev/c98ec456e493


kind regards,
Tilmann Haak
Email: tilmann@larpwiki.de



//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information

Share on Google Plus

About Bradley Susser

    Blogger Comment
    Facebook Comment

0 comments :

Post a Comment