Package: moin Version: 1.7.1-3+lenny2 Severity: important Tags: security An XSS have been reported upstream: > There is a possible reflected Cross-Site Scripting attack. An attacker > able to cause a user to follow a specially crafted malicious link may be > able to recover session identifiers or exploit browser vulnerabilities.
Moin 1.9.2 (unstable) and 1.7 (lenny) are supposed to be affected. See: http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

