{"id":"PYSEC-2017-20","details":"Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","aliases":["CVE-2016-9119","GHSA-5fq5-pfv8-mrfv"],"modified":"2024-04-29T17:11:34.820686Z","published":"2017-01-30T22:59:00Z","references":[{"type":"WEB","url":"https://moinmo.in/SecurityFixes"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3137-1"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3715"},{"type":"WEB","url":"http://www.securityfocus.com/bid/94501"}],"affected":[{"package":{"name":"moin","ecosystem":"PyPI","purl":"pkg:pypi/moin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.8"}]}],"versions":["1.8.4","1.8.5","1.8.6","1.8.7","1.9.0","1.9.1","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","1.9.7"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2017-20.yaml"}}],"schema_version":"1.7.3"}