Hi, I reported the xss in moinmoin which is made possible via the RST
parser / mark-up.
Here is a demonstration / proof of concept of abusing the refuri via a
javascript link.

{{{#!rst
"`NotMe <javascript:alert(1)>`_" , "MORELOL"
}}}



Information about CVE-2011-1058 can also be found at
http://secunia.com/advisories/cve_reference/CVE-2011-1058/