—
PYSEC-2026-676
MoinMoin Cross-site scripting (XSS) vulnerability in the antispam feature
Details
Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2009-0312 [ADVISORY]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48306 [WEB]
- https://usn.ubuntu.com/716-1 [WEB]
- https://web.archive.org/web/20090323075215/http://hg.moinmo.in/moin/1.8/raw-file/1.8.2/docs/CHANGES [WEB]
- https://web.archive.org/web/20100825000634/http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad [WEB]
- https://web.archive.org/web/20200228151935/http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad [WEB]
- https://www.debian.org/security/2009/dsa-1715 [WEB]
- http://moinmo.in/SecurityFixes#moin1.8.1 [WEB]
- http://osvdb.org/51632 [WEB]
- http://secunia.com/advisories/33716 [WEB]
- http://secunia.com/advisories/33755 [WEB]
- http://www.openwall.com/lists/oss-security/2009/01/27/4 [WEB]
- https://pypi.org/project/moin [PACKAGE]
- https://github.com/advisories/GHSA-cx94-3h5x-cc57 [ADVISORY]