{"id":"PYSEC-2016-30","details":"MoinMoin 1.9.8 allows remote attackers to conduct JavaScript injection (cross-site scripting, XSS) attacks through a crafted page name, using either page creation or a crafted URL, in the action=fckdialog&dialog=attachment component. The description names only 1.9.8, but the affected range in this record covers every release before 1.9.9, where the issue is fixed.","aliases":["CVE-2016-7146","GHSA-fj26-q4vh-85f6"],"modified":"2024-04-30T08:56:50.761352Z","published":"2016-11-10T17:59:00Z","references":[{"type":"ARTICLE","url":"https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/94259"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3137-1"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3715"}],"affected":[{"package":{"name":"moin","ecosystem":"PyPI","purl":"pkg:pypi/moin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.9"}]}],"versions":["1.8.4","1.8.5","1.8.6","1.8.7","1.9.0","1.9.1","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","1.9.7","1.9.8"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2016-30.yaml"}}],"schema_version":"1.7.3"}