Several cross-site scripting vulnerabilities were discovered in moin, a
Python clone of WikiWiki. A remote attacker can conduct cross-site
scripting attacks via the GUI editor’s attachment dialogue
(CVE-2016-7146),
the AttachFile view (CVE-2016-7148)
and the GUI editor’s link dialogue (CVE-2016-9119).
For the stable distribution (jessie), these problems have been fixed in
version 1.9.8-1+deb8u1.
We recommend that you upgrade your moin packages.