26 matches found
CVE-2020-25074
CVE-2020-25074 affects MoinMoin up to version 1.9.10, where the cache action in action/cache.py allows directory traversal via a crafted HTTP request, enabling remote code execution when an attacker can upload attachments. Multiple connected sources confirm the underlying issue and reference a fi...
CVE-2020-15275
MoinMoin wiki engine vulnerability CVE-2020-15275: before version 1.9.11, an attacker with write permissions can upload an SVG containing malicious JavaScript, which executes in the browser when the SVG is viewed. The issue is fixed in MoinMoin 1.9.11; upgrade to that version to remediate (stored...
CVE-2010-0828
CVE-2010-0828 affects MoinMoin Despam.py in the Despam action module, exposing an XSS vulnerability in MoinMoin 1.8.7 and 1.9.2. The issue allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI. The vulnerability arises from the Despam actio...
CVE-2012-6081
CVE-2012-6081 affects MoinMoin before 1.9.6, with multiple unrestricted file upload vulnerabilities in the twikidraw and anywikidraw actions. Remote authenticated users with write permissions can upload a file with an executable extension and access it to execute arbitrary code; this is corrobora...
CVE-2017-5934
CVE-2017-5934 affects MoinMoin GUI editor’s link dialogue prior to version 1.9.10, where input sanitization weaknesses allow remote XSS. The issue arises in the GUI editor’s link dialogue, enabling an attacker to inject arbitrary script/HTML via unspecified vectors. Public references across advis...
CVE-2016-9119
CVE-2016-9119 is an XSS vulnerability in the link dialogue of the MoinMoin GUI editor prior to 1.9.8, allowing remote injection of script or HTML via unspecified vectors. The connected documents corroborate the issue in MoinMoin’s GUI editor and note a fixed version (1.9.9) released in maintenanc...
CVE-2010-0717
Affected software: MoinMoin prior to version 1.8.7. Issue: The default configuration of cfg.packagepages_actions_excluded does not prevent unsafe package actions, enabling an unspecified impact/attack vector. Several related advisories reference CVE-2010-0717. Impact (stated): Unspecified in init...
CVE-2012-6082
CVE-2012-6082 concerns MoinMoin prior to 1.9.6. The vulnerability is an XSS in the rsslink function (theme/init .py) where the page name parameter is not properly sanitized, allowing remote attackers to inject arbitrary HTML/JavaScript. Public references describe affected versions as 1.9.5 and ea...
CVE-2012-6495
CVE-2012-6081 describes multiple directory traversal/file-upload vulnerabilities in MoinMoin up to version 1.9.6, specifically in the twikidraw (action/twikidraw.py) and anywikidraw (action/anywikidraw.py) actions. The root cause is unrestricted directory traversal and improper sanitization that ...
CVE-2011-1058
CVE-2011-1058 is a cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser of MoinMoin. The issue occurs in parser/text_rst.py when docutils is installed or when the “format rst” setting is used, allowing remote attackers to inject arbitrary web script or HTML via a javascri...
CVE-2012-6080
MoinMoin is vulnerable to multiple issues (CVE-2012-6080/6081/6082) in versions 1.9.3–1.9.5. The directory traversal flaw in AttachFile.py’s _do_attachment_move allows remote attackers to overwrite arbitrary files by crafting a filename with .., enabling unauthorized file writes. CVE-2012-6081 de...
CVE-2010-0669
CVE-2010-0669 affects MoinMoin Web Wiki: in affected releases (MoinMoin before 1.8.7 and 1.9.x before 1.9.2) the system fails to properly sanitize user profiles, enabling an unspecified impact/attack surface. Public advisories and OSS notices reference additional context across Debian, Fedora, Ge...
CVE-2010-1238
CVE-2010-1238 affects MoinMoin WikiEngine. The issue allows remote attackers to bypass the textcha protection by submitting empty values for textcha-question and textcha-answer, enabling bypass of anti-spam checks. Public references in the provided documents indicate this vulnerability in MoinMoi...
CVE-2010-2487
CVE-2010-2487 corresponds to MoinMoin XSS vulnerabilities affecting versions up to 1.9.3 (and earlier 1.7.3, 1.8.x until 1.8.8). Affected components include Page.py, PageEditor.py, PageGraphicalEditor.py, and various actions (CopyPage, Load, RenamePage, backup, login, newaccount, recoverpass). Im...
CVE-2016-7148
MoinMoin 1.9.8 is affected by CVE-2016-7148, a Cross Site Scripting (XSS) issue related to the page creation/AttachFile component. The root cause is improper sanitization in the AttachFile/page-name handling, enabling remote JavaScript injection. Some connected sources (GN) reference a fix to 1.9...
CVE-2010-2969
CVE-2010-2969 describes multiple cross-site scripting (XSS) vulnerabilities in MoinMoin up to version 1.7.3 and in the 1.9.x line before 1.9.3. The flaws allow remote attackers to inject arbitrary script/HTML via crafted content in specific modules, notably action/LikePages.py, action/chart.py, a...
CVE-2012-4404
CVE-2012-4404 affects MoinMoin 1.9 through 1.9.4, where security/init .py mishandles group names containing virtual groups (e.g., All, Known, Trusted). This allows remote authenticated users with virtual group membership to be treated as group members, constituting an access-control vulnerability...
CVE-2016-7146
CVE-2016-7146 affects MoinMoin 1.9.8, where a Cross-Site Scripting (XSS) flaw allows remote attackers to inject JavaScript via the page creation or crafted URL, specifically through the action=fckdialog&dialog=attachment (via page name) component. Connected advisories corroborate the issue and li...
CVE-2010-0668
CVE-2010-0668 affects MoinMoin 1.5.x–1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2. The vulnerability relates to configurations with a non-empty superuser list, enabled xmlrpc, enabled SyncPages, or configured OpenID, leading to unknown impact per the initial description but with multiple coo...
CVE-2010-2970
MoinMoin 1.9.x prior to 1.9.3 is affected by CVE-2010-2970 (XSS) via crafted content in action/SlideShow.py, action/anywikidraw.py, and action/language_setup.py. The vulnerability allows remote attackers to inject arbitrary script/HTML; impact is partial integrity and potential client-side data e...
CVE-2009-4762
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 have an ACL handling flaw where parent ACLs are checked in inappropriate circumstances during processing of hierarchical ACLs, allowing remote attackers to bypass access restrictions by requesting an item. The issue is documented as CVE-2009-4762...
CVE-2008-6548
Summary: CVE-2008-6548 affects MoinMoin 1.6.1's rst parser (parser/text_rst.py), which does not enforce the ACL on included pages. This can allow attackers to read unauthorized include files via unknown vectors. The issue is reflected across multiple feeds (Red Hat, Ubuntu, OSV, GHSA) in the conn...
CVE-2010-0667
Summary : CVE-2010-0667 affects MoinMoin Wiki. When running MoinMoin 1.9 before 1.9.1, the sys.argv array is not properly cleared in environments where GATEWAY_INTERFACE is set, enabling remote attackers to obtain sensitive information via unspecified vectors. Affected software : MoinMoin Wiki (v...
CVE-2009-1482
CVE-2009-1482 concerns multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.8.2 and earlier, arising from the file-attachment path: the AttachFile.py component is injectable via (a) the error_msg sub-action and (b) multiple vectors related to package file errors in upload_form. The u...
CVE-2008-6549
CVE-2008-6549 affects MoinMoin 1.6.1 and earlier; the password_checker function in config/multiconfig.py uses cracklib and python-crack, which are not thread-safe, allowing remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors. Impact is DoS; no exploita...
CVE-2008-6603
CVE-2008-6603 affects MoinMoin 1.6.2 and 1.7, where ACL checks are not properly enforced when acl_hierarchic is True, potentially allowing remote attackers to bypass intended access restrictions. The description notes this as a different issue from CVE-2008-1937. Connected documents corroborate A...