Package: moin
Version: 1.7.1-3+lenny2
Severity: important
Tags: security

An XSS have been reported upstream:
> There is a possible reflected Cross-Site Scripting attack. An attacker
> able to cause a user to follow a specially crafted malicious link may be
> able to recover session identifiers or exploit browser vulnerabilities.

Moin 1.9.2 (unstable) and 1.7 (lenny) are supposed to be affected.

See:
 http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to