CVE-2011-1058 (retired)

Priority
Description
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst)
parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is
installed or when "format rst" is set, allows remote attackers to inject
arbitrary web script or HTML via a javascript: URL in the refuri attribute.
NOTE: some of these details are obtained from third party information.
Notes
 mdeslaur> description is wrong, this isn't fixed in 1.9.3
Assigned-to
mdeslaur
Package
Source: moin (LP Ubuntu Debian)
Upstream:released (1.9.3-3)
Ubuntu 12.04 ESM (Precise Pangolin):released (1.9.3-1ubuntu3)
Patches:
Upstream:http://hg.moinmo.in/moin/1.9/rev/97208f67798f
Vendor:http://www.debian.org/security/2011/dsa-2321
More Information

Updated: 2019-03-26 11:55:35 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)