{"id":"PYSEC-2011-6","details":"Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when \"format rst\" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute.  NOTE: some of these details are obtained from third party information.","aliases":["CVE-2011-1058","GHSA-m9j7-xcj7-42j9"],"modified":"2024-05-01T11:11:45.678208Z","published":"2011-02-22T18:00:00Z","references":[{"type":"WEB","url":"http://moinmo.in/SecurityFixes"},{"type":"ADVISORY","url":"http://secunia.com/advisories/43413"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2011/0455"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/43665"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2011/0571"},{"type":"WEB","url":"http://www.securityfocus.com/bid/46476"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2011/0588"},{"type":"ADVISORY","url":"http://www.debian.org/security/2011/dsa-2321"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-1604-1"},{"type":"ADVISORY","url":"http://secunia.com/advisories/50885"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65545"}],"affected":[{"package":{"name":"moin","ecosystem":"PyPI","purl":"pkg:pypi/moin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.3"}]}],"versions":["1.8.4","1.8.5","1.8.6","1.8.7","1.9.0","1.9.1","1.9.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2011-6.yaml"}}],"schema_version":"1.7.3"}