Product:

Moinmoin

(Moinmo)
Repositories https://github.com/moinwiki/moin-1.9
#Vulnerabilities 26
Date Id Summary Products Score Patch Annotated
2020-11-10 CVE-2020-25074 The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. Debian_linux, Moinmoin 9.8
2020-11-11 CVE-2020-15275 MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes. Moinmoin 5.4
2009-03-30 CVE-2008-6548 The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors. Moinmoin N/A
2018-10-15 CVE-2017-5934 Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ubuntu_linux, Debian_linux, Moinmoin, Leap 6.1
2017-01-30 CVE-2016-9119 Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ubuntu_linux, Debian_linux, Moinmoin 6.1
2016-11-10 CVE-2016-7148 MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component. Moinmoin 6.1