Lucene search
Veracode Vulnerability DatabaseVERACODE:27854HistoryNov 10, 2020 - 3:54 a.m.
Cross-Site Scripting
2020-11-1003:54:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.001 Low
EPSS
Percentile
34.7%
moin is vulnerable to cross-site scripting (XSS). An attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user’s browser when the user views the malicious SVG file on the wiki.
References
advisory.checkmarx.net/advisory/CX-2020-4285
github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2
github.com/moinwiki/moin-1.9/commit/64e16037a60646a4d834f0203c75481b9c3fa74c
github.com/moinwiki/moin-1.9/releases/tag/1.9.11
github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43
Related
redhatcve
redhatcve
CVE-2020-15275
2022-05-21 00:23:34
nvd
nvd
CVE-2020-15275
2020-11-11 16:15:13
github
github
malicious SVG attachment causing stored XSS vulnerability
2020-11-11 15:54:41
ubuntucve
ubuntucve
CVE-2020-15275
2020-11-09 00:00:00
prion
prion
Design/Logic Flaw
2020-11-11 16:15:00
cvelist
cvelist
debiancve
debiancve
CVE-2020-15275
2020-11-11 16:15:13
osv
osv
PYSEC-2020-241
2020-11-11 16:15:00
malicious SVG attachment causing stored XSS vulnerability
2020-11-11 15:54:41
CVE-2020-15275
2020-11-11 16:15:13
cve
cve
CVE-2020-15275
2020-11-11 16:15:13
nessus
nessus
Debian DSA-4787-1 : moin - security update
2020-11-10 00:00:00
FreeBSD : moinmoin -- multiple vulnerabilities (abed4ff0-7da1-4236-880d-de33e4895315)
2021-01-20 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : MoinMoin vulnerabilities (USN-4629-1)
2020-11-11 00:00:00
debian
debian
[SECURITY] [DSA 4787-1] moin security update
2020-11-09 20:27:35
[SECURITY] [DLA 2446-1] moin security update
2020-11-10 21:43:54
[SECURITY] [DSA 4787-1] moin security update
2020-11-09 20:27:35
openvas
openvas
Debian: Security Advisory (DLA-2446-1)
2020-11-11 00:00:00
MoinMoin < 1.9.11 Multiple Vulnerabilities - Windows
2020-11-11 00:00:00
MoinMoin < 1.9.11 Multiple Vulnerabilities - Linux
2020-11-11 00:00:00
suse
suse
Security update for moinmoin-wiki (important)
2020-11-23 00:00:00
Security update for moinmoin-wiki (important)
2020-11-19 00:00:00
ubuntu
ubuntu
MoinMoin vulnerabilities
2020-11-11 00:00:00
freebsd
freebsd
moinmoin -- multiple vulnerabilities
2020-11-08 00:00:00