PYSEC-2026-678

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2026-678.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-678
Aliases
Published
2026-07-02T14:13:20.067749Z
Modified
2026-07-06T08:00:43.480492817Z
Summary
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Details

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.

References

Affected packages

PyPI / moin

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.7

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2026-678.yaml"