Lucene search
K
MoinmoMoinmoin

26 matches found

CVE
CVE
added 2020/11/10 4:48 p.m.179 views

CVE-2020-25074

CVE-2020-25074 affects MoinMoin up to version 1.9.10, where the cache action in action/cache.py allows directory traversal via a crafted HTTP request, enabling remote code execution when an attacker can upload attachments. Multiple connected sources confirm the underlying issue and reference a fi...

9.8CVSS9.4AI score0.06121EPSS
CVE
CVE
added 2020/11/11 3:45 p.m.157 views

CVE-2020-15275

MoinMoin wiki engine vulnerability CVE-2020-15275: before version 1.9.11, an attacker with write permissions can upload an SVG containing malicious JavaScript, which executes in the browser when the SVG is viewed. The issue is fixed in MoinMoin 1.9.11; upgrade to that version to remediate (stored...

8.7CVSS7.2AI score0.01725EPSS
CVE
CVE
added 2010/04/05 3:15 p.m.123 views

CVE-2010-0828

CVE-2010-0828 affects MoinMoin Despam.py in the Despam action module, exposing an XSS vulnerability in MoinMoin 1.8.7 and 1.9.2. The issue allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI. The vulnerability arises from the Despam actio...

3.5CVSS5AI score0.02243EPSS
CVE
CVE
added 2013/01/03 1:0 a.m.109 views

CVE-2012-6081

CVE-2012-6081 affects MoinMoin before 1.9.6, with multiple unrestricted file upload vulnerabilities in the twikidraw and anywikidraw actions. Remote authenticated users with write permissions can upload a file with an executable extension and access it to execute arbitrary code; this is corrobora...

6CVSS7.4AI score0.30566EPSS
Web
CVE
CVE
added 2018/10/15 7:0 p.m.109 views

CVE-2017-5934

CVE-2017-5934 affects MoinMoin GUI editor’s link dialogue prior to version 1.9.10, where input sanitization weaknesses allow remote XSS. The issue arises in the GUI editor’s link dialogue, enabling an attacker to inject arbitrary script/HTML via unspecified vectors. Public references across advis...

6.1CVSS5.8AI score0.01924EPSS
CVE
CVE
added 2017/01/30 10:0 p.m.95 views

CVE-2016-9119

CVE-2016-9119 is an XSS vulnerability in the link dialogue of the MoinMoin GUI editor prior to 1.9.8, allowing remote injection of script or HTML via unspecified vectors. The connected documents corroborate the issue in MoinMoin’s GUI editor and note a fixed version (1.9.9) released in maintenanc...

6.1CVSS5.8AI score0.01452EPSS
CVE
CVE
added 2010/02/26 7:0 p.m.90 views

CVE-2010-0717

Affected software: MoinMoin prior to version 1.8.7. Issue: The default configuration of cfg.packagepages_actions_excluded does not prevent unsafe package actions, enabling an unspecified impact/attack vector. Several related advisories reference CVE-2010-0717. Impact (stated): Unspecified in init...

7.5CVSS6.3AI score0.01973EPSS
CVE
CVE
added 2013/01/03 1:0 a.m.88 views

CVE-2012-6082

CVE-2012-6082 concerns MoinMoin prior to 1.9.6. The vulnerability is an XSS in the rsslink function (theme/init .py) where the page name parameter is not properly sanitized, allowing remote attackers to inject arbitrary HTML/JavaScript. Public references describe affected versions as 1.9.5 and ea...

4.3CVSS5.7AI score0.02095EPSS
CVE
CVE
added 2013/01/03 1:0 a.m.85 views

CVE-2012-6495

CVE-2012-6081 describes multiple directory traversal/file-upload vulnerabilities in MoinMoin up to version 1.9.6, specifically in the twikidraw (action/twikidraw.py) and anywikidraw (action/anywikidraw.py) actions. The root cause is unrestricted directory traversal and improper sanitization that ...

6CVSS7.2AI score0.18563EPSS
Web
CVE
CVE
added 2011/02/22 5:0 p.m.81 views

CVE-2011-1058

CVE-2011-1058 is a cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser of MoinMoin. The issue occurs in parser/text_rst.py when docutils is installed or when the “format rst” setting is used, allowing remote attackers to inject arbitrary web script or HTML via a javascri...

2.6CVSS5.4AI score0.02517EPSS
CVE
CVE
added 2013/01/03 1:0 a.m.79 views

CVE-2012-6080

MoinMoin is vulnerable to multiple issues (CVE-2012-6080/6081/6082) in versions 1.9.3–1.9.5. The directory traversal flaw in AttachFile.py’s _do_attachment_move allows remote attackers to overwrite arbitrary files by crafting a filename with .., enabling unauthorized file writes. CVE-2012-6081 de...

6.4CVSS6.7AI score0.04019EPSS
Web
CVE
CVE
added 2010/02/26 7:0 p.m.78 views

CVE-2010-0669

CVE-2010-0669 affects MoinMoin Web Wiki: in affected releases (MoinMoin before 1.8.7 and 1.9.x before 1.9.2) the system fails to properly sanitize user profiles, enabling an unspecified impact/attack surface. Public advisories and OSS notices reference additional context across Debian, Fedora, Ge...

7.5CVSS6.3AI score0.01897EPSS
CVE
CVE
added 2010/04/05 3:15 p.m.76 views

CVE-2010-1238

CVE-2010-1238 affects MoinMoin WikiEngine. The issue allows remote attackers to bypass the textcha protection by submitting empty values for textcha-question and textcha-answer, enabling bypass of anti-spam checks. Public references in the provided documents indicate this vulnerability in MoinMoi...

5CVSS6.5AI score0.01975EPSS
CVE
CVE
added 2010/08/04 9:0 p.m.76 views

CVE-2010-2487

CVE-2010-2487 corresponds to MoinMoin XSS vulnerabilities affecting versions up to 1.9.3 (and earlier 1.7.3, 1.8.x until 1.8.8). Affected components include Page.py, PageEditor.py, PageGraphicalEditor.py, and various actions (CopyPage, Load, RenamePage, backup, login, newaccount, recoverpass). Im...

4.3CVSS5.5AI score0.02657EPSS
CVE
CVE
added 2016/11/10 5:0 p.m.76 views

CVE-2016-7148

MoinMoin 1.9.8 is affected by CVE-2016-7148, a Cross Site Scripting (XSS) issue related to the page creation/AttachFile component. The root cause is improper sanitization in the AttachFile/page-name handling, enabling remote JavaScript injection. Some connected sources (GN) reference a fix to 1.9...

6.1CVSS5.9AI score0.01186EPSS
CVE
CVE
added 2010/08/04 9:0 p.m.75 views

CVE-2010-2969

CVE-2010-2969 describes multiple cross-site scripting (XSS) vulnerabilities in MoinMoin up to version 1.7.3 and in the 1.9.x line before 1.9.3. The flaws allow remote attackers to inject arbitrary script/HTML via crafted content in specific modules, notably action/LikePages.py, action/chart.py, a...

4.3CVSS5.7AI score0.0253EPSS
CVE
CVE
added 2012/09/10 10:0 p.m.75 views

CVE-2012-4404

CVE-2012-4404 affects MoinMoin 1.9 through 1.9.4, where security/init .py mishandles group names containing virtual groups (e.g., All, Known, Trusted). This allows remote authenticated users with virtual group membership to be treated as group members, constituting an access-control vulnerability...

6CVSS6AI score0.0209EPSS
CVE
CVE
added 2016/11/10 5:0 p.m.72 views

CVE-2016-7146

CVE-2016-7146 affects MoinMoin 1.9.8, where a Cross-Site Scripting (XSS) flaw allows remote attackers to inject JavaScript via the page creation or crafted URL, specifically through the action=fckdialog&dialog=attachment (via page name) component. Connected advisories corroborate the issue and li...

6.1CVSS5.9AI score0.01186EPSS
CVE
CVE
added 2010/02/26 7:0 p.m.71 views

CVE-2010-0668

CVE-2010-0668 affects MoinMoin 1.5.x–1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2. The vulnerability relates to configurations with a non-empty superuser list, enabled xmlrpc, enabled SyncPages, or configured OpenID, leading to unknown impact per the initial description but with multiple coo...

6.8CVSS6.2AI score0.02181EPSS
CVE
CVE
added 2010/08/04 9:0 p.m.66 views

CVE-2010-2970

MoinMoin 1.9.x prior to 1.9.3 is affected by CVE-2010-2970 (XSS) via crafted content in action/SlideShow.py, action/anywikidraw.py, and action/language_setup.py. The vulnerability allows remote attackers to inject arbitrary script/HTML; impact is partial integrity and potential client-side data e...

4.3CVSS5.7AI score0.0253EPSS
CVE
CVE
added 2010/03/29 8:0 p.m.65 views

CVE-2009-4762

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 have an ACL handling flaw where parent ACLs are checked in inappropriate circumstances during processing of hierarchical ACLs, allowing remote attackers to bypass access restrictions by requesting an item. The issue is documented as CVE-2009-4762...

7.5CVSS6.5AI score0.03001EPSS
CVE
CVE
added 2009/03/30 1:0 a.m.61 views

CVE-2008-6548

Summary: CVE-2008-6548 affects MoinMoin 1.6.1's rst parser (parser/text_rst.py), which does not enforce the ACL on included pages. This can allow attackers to read unauthorized include files via unknown vectors. The issue is reflected across multiple feeds (Red Hat, Ubuntu, OSV, GHSA) in the conn...

5CVSS6.3AI score0.01003EPSS
CVE
CVE
added 2010/02/26 7:0 p.m.61 views

CVE-2010-0667

Summary : CVE-2010-0667 affects MoinMoin Wiki. When running MoinMoin 1.9 before 1.9.1, the sys.argv array is not properly cleared in environments where GATEWAY_INTERFACE is set, enabling remote attackers to obtain sensitive information via unspecified vectors. Affected software : MoinMoin Wiki (v...

5CVSS6.1AI score0.01869EPSS
CVE
CVE
added 2009/04/29 6:6 p.m.60 views

CVE-2009-1482

CVE-2009-1482 concerns multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.8.2 and earlier, arising from the file-attachment path: the AttachFile.py component is injectable via (a) the error_msg sub-action and (b) multiple vectors related to package file errors in upload_form. The u...

4.3CVSS5.4AI score0.02482EPSS
Web
CVE
CVE
added 2009/03/30 1:0 a.m.55 views

CVE-2008-6549

CVE-2008-6549 affects MoinMoin 1.6.1 and earlier; the password_checker function in config/multiconfig.py uses cracklib and python-crack, which are not thread-safe, allowing remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors. Impact is DoS; no exploita...

5CVSS6.7AI score0.01484EPSS
CVE
CVE
added 2009/04/03 6:0 p.m.55 views

CVE-2008-6603

CVE-2008-6603 affects MoinMoin 1.6.2 and 1.7, where ACL checks are not properly enforced when acl_hierarchic is True, potentially allowing remote attackers to bypass intended access restrictions. The description notes this as a different issue from CVE-2008-1937. Connected documents corroborate A...

6.8CVSS6.5AI score0.01637EPSS