VDB
KO

PYSEC-2026-676

MoinMoin Cross-site scripting (XSS) vulnerability in the antispam feature

Details

Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / moin
Introduced in: 0 Fixed in: 1.8.2
Fix pip install --upgrade 'moin>=1.8.2'

References