DSA-2083-1 moin -- missing input sanitizationID: oval:org.secpod.oval:def:600054 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that moin, a python clone of WikiWiki, does not sufficiently sanitize parameters when passing them to the add_msg function. This allows a remote attackers to conduct cross-site scripting attacks for example via the template parameter. For the stable distribution , this problem has been fixed in version 1.7.1-3+lenny5. For the testing distribution , this problem will be fixed soon. For the unstable distribution , this problem has been fixed in version 1.9.3-1.