CVE-2017-5934

NameCVE-2017-5934
DescriptionCross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1546-1, DSA-4318-1
NVD severitymedium (attack range: remote)
Debian Bugs910776

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
moin (PTS)jessie1.9.8-1+deb8u1vulnerable
jessie (security)1.9.8-1+deb8u2fixed
buster, stretch, sid, stretch (security)1.9.9-1+deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
moinsource(unstable)1.9.9-1+deb9u1medium910776
moinsourcejessie1.9.8-1+deb8u2mediumDLA-1546-1
moinsourcestretch1.9.9-1+deb9u1mediumDSA-4318-1

Notes

https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024

Search for package or bug name: Reporting problems