Moinmoin@1.9.2 Security Vulnerabilities and Issues — Moinmoin@1.9.2 CVE List

Lucene search

MoinmoMoinmoin1.9.2

7 matches found

CVE•added 2010/04/05 3:30 p.m.•91 views

CVE-2010-0828

Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.

3.5CVSS5AI score0.00619EPSS

CVE•added 2013/01/03 1:55 a.m.•90 views

CVE-2012-6081

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extensio...

6CVSS7.4AI score0.76114EPSS

CVE•added 2010/08/05 1:22 p.m.•63 views

CVE-2010-2487

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage...

4.3CVSS5.5AI score0.01315EPSS

CVE•added 2012/09/10 10:55 p.m.•59 views

CVE-2012-4404

security/init .py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.

6CVSS6AI score0.0099EPSS

CVE•added 2010/08/05 1:22 p.m.•58 views

CVE-2010-2969

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CV...

4.3CVSS5.7AI score0.01315EPSS

CVE•added 2013/01/03 1:55 a.m.•56 views

CVE-2012-6495

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be levera...

6CVSS7.2AI score0.76114EPSS

CVE•added 2010/08/05 1:22 p.m.•51 views

CVE-2010-2970

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.

4.3CVSS5.7AI score0.01315EPSS