VDB
KO

PYSEC-2026-678

MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

Details

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / moin
Introduced in: 0 Fixed in: 1.5.7
Fix pip install --upgrade 'moin>=1.5.7'

References