CVE-2016-9119

NameCVE-2016-9119
DescriptionCross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-717-1, DSA-3715-1
Debian Bugs844338

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
moin (PTS)jessie, jessie (lts)1.9.8-1+deb8u2fixed
stretch (security), stretch (lts), stretch1.9.9-1+deb9u2fixed
buster (security), buster, buster (lts)1.9.9-1+deb10u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
moinsourcewheezy1.9.4-8+deb7u3DLA-717-1
moinsourcejessie1.9.8-1+deb8u1DSA-3715-1
moinsource(unstable)1.9.9-1844338

Notes

Fixed by: http://hg.moinmo.in/moin/1.9/rev/3bddf075fdbd
Search for package or bug name: Reporting problems