DSA-2024 moin -- insufficient input sanitisingID: oval:org.mitre.oval:def:7093 | Date: (C)2010-05-24 (M)2022-10-10 |
Class: PATCH | Family: unix |
Jamie Strandboge discovered that moin, a python clone of WikiWiki, does not sufficiently sanitize the page name in "Despam" action, allowing remote attackers to perform cross-site scripting attacks. In addition, this update fixes a minor issue in the "textcha" protection, it could be trivially bypassed by blanking the "textcha-question" and "textcha-answer" form fields.