Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809
hg.moinmo.in/moin/1.7/rev/37306fba2189
hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES
hg.moinmo.in/moin/1.8/rev/4238b0c90871
hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES
hg.moinmo.in/moin/1.9/rev/68ba3cc79513
hg.moinmo.in/moin/1.9/rev/e50b087c4572
marc.info/?l=oss-security&m=127799369406968&w=2
marc.info/?l=oss-security&m=127809682420259&w=2
moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
moinmo.in/MoinMoinRelease1.8
moinmo.in/MoinMoinRelease1.9
moinmo.in/SecurityFixes
secunia.com/advisories/40836
www.debian.org/security/2010/dsa-2083
www.securityfocus.com/bid/40549
www.vupen.com/english/advisories/2010/1981