Vulnerability Details : CVE-2011-1058
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2011-1058
Probability of exploitation activity in the next 30 days: 0.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-1058
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.6
|
LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N |
4.9
|
2.9
|
NIST |
CWE ids for CVE-2011-1058
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1058
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html
[SECURITY] Fedora 14 Update: moin-1.9.3-4.fc14
-
http://www.vupen.com/english/advisories/2011/0455
Webmail | OVH- OVHVendor Advisory
-
http://www.debian.org/security/2011/dsa-2321
Debian -- Security Information -- DSA-2321-1 moin
-
http://moinmo.in/SecurityFixes
SecurityFixes - MoinMoinPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/46476
MoinMoin 'refuri' Cross-Site Scripting Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65545
MoinMoin refuri cross-site scripting CVE-2011-1058 Vulnerability Report
-
http://www.vupen.com/english/advisories/2011/0588
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2011/0571
Webmail | OVH- OVH
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html
[SECURITY] Fedora 13 Update: moin-1.9.3-4.fc13
-
http://www.ubuntu.com/usn/USN-1604-1
USN-1604-1: MoinMoin vulnerabilities | Ubuntu security notices
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html
[SECURITY] Fedora 15 Update: moin-1.9.3-4.fc15
Products affected by CVE-2011-1058
- cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.6.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.7.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.7.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.5a:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.7.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.3.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.5.5:a:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.8.8:*:*:*:*:*:*:*