EUVD-2011-0017

Malware in sbrugna...

GHSA-452H-RX28-49W9 MoinMoin Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the rsslink function in theme/init.py in MoinMoin before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link...

GHSA-7HJM-HQGJ-XV9F MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with 1 the rename parameter or 2 the drawing parameter aka the basename variable...

GHSA-Q7Q4-5G8P-33FQ MoinMoin Multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in macro/AdvancedSearch.py in moin and MoinMoin 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2010-0828

Cross-site scripting XSS vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI...

PYSEC-2009-13

MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when aclhierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937...

PYSEC-2009-11

The rst parser parser/textrst.py in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors...

CVE-2009-0260

Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with 1 the rename parameter or 2 the drawing parameter aka the basename variable...