{"id":"PYSEC-2026-676","summary":"MoinMoin Cross-site scripting (XSS) vulnerability in the antispam feature","details":"Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.","aliases":["CVE-2009-0312","GHSA-cx94-3h5x-cc57"],"modified":"2026-07-06T08:00:44.790439259Z","published":"2026-07-02T14:13:21.309699Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0312"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48306"},{"type":"WEB","url":"https://usn.ubuntu.com/716-1"},{"type":"WEB","url":"https://web.archive.org/web/20090323075215/http://hg.moinmo.in/moin/1.8/raw-file/1.8.2/docs/CHANGES"},{"type":"WEB","url":"https://web.archive.org/web/20100825000634/http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad"},{"type":"WEB","url":"https://web.archive.org/web/20200228151935/http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad"},{"type":"WEB","url":"https://www.debian.org/security/2009/dsa-1715"},{"type":"WEB","url":"http://moinmo.in/SecurityFixes#moin1.8.1"},{"type":"WEB","url":"http://osvdb.org/51632"},{"type":"WEB","url":"http://secunia.com/advisories/33716"},{"type":"WEB","url":"http://secunia.com/advisories/33755"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2009/01/27/4"},{"type":"PACKAGE","url":"https://pypi.org/project/moin"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-cx94-3h5x-cc57"}],"affected":[{"package":{"name":"moin","ecosystem":"PyPI","purl":"pkg:pypi/moin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.2"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2026-676.yaml"}}],"schema_version":"1.7.5"}