CVE-2017-5934

NameCVE-2017-5934
DescriptionCross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1546-1, DSA-4318-1
NVD severitymedium
Debian Bugs910776

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
moin (PTS)stretch1.9.9-1+deb9u1fixed
stretch (security)1.9.9-1+deb9u2fixed
buster, buster (security)1.9.9-1+deb10u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
moinsourcejessie1.9.8-1+deb8u2DLA-1546-1
moinsourcestretch1.9.9-1+deb9u1DSA-4318-1
moinsource(unstable)1.9.9-1+deb9u1910776

Notes

https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024

Search for package or bug name: Reporting problems