VDB
KO

PYSEC-2026-673

MoinMoin Cross-Site Scripting (XSS) vulnerability via hitcounts and general parameters

Details

Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / moin
Introduced in: 0 Fixed in: 1.5.8
Fix pip install --upgrade 'moin>=1.5.8'

References