PYSEC-2026-673

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2026-673.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-673
Aliases
Published
2026-07-02T14:13:20.213871Z
Modified
2026-07-06T08:00:44.526876896Z
Summary
MoinMoin Cross-Site Scripting (XSS) vulnerability via hitcounts and general parameters
Details

Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

References

Affected packages

PyPI / moin

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.8

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2026-673.yaml"