Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| moin(PyPI) | 0 | 1.9.3 | N/A |
CVSS Metrics
