Search Results (Refine Search)
- CPE Product Version: cpe:/a:moinmo:moinmoin:1.9.8
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-15275 |
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes. Published: November 11, 2020; 11:15:13 AM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2020-25074 |
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. Published: November 10, 2020; 12:15:12 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-5934 |
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: October 15, 2018; 3:29:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-7148 |
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component. Published: November 10, 2016; 12:59:01 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-7146 |
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component. Published: November 10, 2016; 12:59:00 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |