{"id":"UBUNTU-CVE-2016-7146","details":"MoinMoin 1.9.8 allows remote attackers to conduct JavaScript injection attacks, through page creation or a crafted URL, related to a cross-site scripting (XSS) issue in the action=fckdialog&dialog=attachment component (via the page name).","modified":"2026-02-04T03:59:43.683930Z","published":"2016-11-10T00:00:00Z","related":["USN-3137-1"],"upstream":["CVE-2016-7146"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7146"},{"type":"REPORT","url":"https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3137-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2016-7146"}],"affected":[{"package":{"name":"moin","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/moin@1.9.7-1ubuntu2.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.7-1ubuntu2.1"}]}],"versions":["1.9.5-5ubuntu1","1.9.7-1ubuntu1","1.9.7-1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_name":"python-moinmoin","binary_version":"1.9.7-1ubuntu2.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-7146.json"}},{"package":{"name":"moin","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/moin@1.9.8-1ubuntu1.16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.8-1ubuntu1.16.04.1"}]}],"versions":["1.9.7-2ubuntu3","1.9.8-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"python-moinmoin","binary_version":"1.9.8-1ubuntu1.16.04.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-7146.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}