GHSA-7HJM-HQGJ-XV9F MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with 1 the rename parameter or 2 the drawing parameter aka the basename variable...

PYSEC-2013-5

Directory traversal vulnerability in the doattachmentmove function in the AttachFile action action/AttachFile.py in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. dot dot in a file name...

CVE-2012-6080

Directory traversal vulnerability in the doattachmentmove function in the AttachFile action action/AttachFile.py in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. dot dot in a file name...

CVE-2009-0260

Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with 1 the rename parameter or 2 the drawing parameter aka the basename variable...

CVE-2009-0260

Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with 1 the rename parameter or 2 the drawing parameter aka the basename variable...

CVE-2009-0260

Removed by vendor...

Fedora 8 : moin-1.5.8-4.fc8 (2008-1905)

Wed Feb 20 2008 Lubomir Kundrak 1.5.8-4 - Fix CVE-2008-0780 XSS in login action 2f952fa361c7 - Fix CVE-2008-0781 multiple XSS in AttachFile action db212dfc58ef - Fri Feb 8 2008 Matthias Saou 1.5.8-3 - Include e69a16b6e630 1.5 changeset as cookieidfix 432017. Note that Tenable Network Security has...

USN-458-1: MoinMoin vulnerabilities

A flaw was discovered in MoinMoin's error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are...

CVE-2007-2423

CVE-2007-2423 refers to a cross-site scripting (XSS) vulnerability in MoinMoin 1.5.7, exploitable via the do parameter in an AttachFile action on index.php. The CVSS v2 base score is 5.8 (PARTIAL impacts to confidentiality and integrity, no impact to availability; network attack vector, no authen...

moinmoin -- multiple vulnerabilities

MoinMoin Security advisory XSS issue in login action XSS issue in AttachFile action XSS issue in RenamePage/DeletePage action XSS issue in gui editor...