CVSS: 6.0EPSS: 1%CPEs: 5EXPL: 0CVE-2012-4404
https://notcve.org/view.php?id=CVE-2012-4404
10 Sep 2012 — security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group. security/__init__.py en MoinMoin v1.9 hasta v1.9.4 no trata correctamente los nombres de los grupos que contienen nombres de grupos virtuales tales como "All", "Known", o "Trusted", lo que permite ser tratados como miembros del grupo no-virtua... • http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.7EPSS: 0%CPEs: 76EXPL: 0CVE-2011-1058
https://notcve.org/view.php?id=CVE-2011-1058
22 Feb 2011 — Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de tipo cross-site scripting (XSS) en el analizador reStructuredText (rst) en parser/text_rst.py en MoinMoin anterior a versión 1.... • http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 74EXPL: 2CVE-2010-2487
https://notcve.org/view.php?id=CVE-2010-2487
04 Aug 2010 — Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py. Múltiples vulnerabilidades de secuencias de comandos en sitio... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 67EXPL: 0CVE-2010-2969
https://notcve.org/view.php?id=CVE-2010-2969
04 Aug 2010 — Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MoinMoin v1.7.x y anteriores permite a atacantes remotos inyectar código web o HTML de su elección a travé de contenido... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2010-2970
https://notcve.org/view.php?id=CVE-2010-2970
04 Aug 2010 — Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MoinMoin v1.9.x anterior v1.9.3 permite a atacantes remotos inyectar código web o HTML de su elección a travé de contenido manipulado,... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-0828
https://notcve.org/view.php?id=CVE-2010-0828
05 Apr 2010 — Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en action/Despam.py del módulo de acción Despam de MoinMoin v1.8.7 y v1.9.2, permite a usuarios autenticados en remoto inyectar secuencias de comandos Web o HTML de su elección creando un página con una URI manipulada... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-1238
https://notcve.org/view.php?id=CVE-2010-1238
05 Apr 2010 — MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values. MoinMoin v1.7.1, permite a atacantes remotos evitar el mecanismo de protección textcha modificando los campos textcha-question y textcha-answer con valores vacíos. • http://secunia.com/advisories/39284 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2009-4762
https://notcve.org/view.php?id=CVE-2009-4762
29 Mar 2010 — MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603. MoinMoin v1.7.x anteriores a la v1.7.3 y v1.8.x anteriores a la v1.8.3 chequea ACLs (listas de control de acceso) del elemento padre en algunas circunstacias inapropiadas durante el procesado de ACLs jerárquicas, lo que permi... • http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-0667
https://notcve.org/view.php?id=CVE-2010-0667
26 Feb 2010 — MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors. MoinMoin v1.9 anteriores v1.9.1 no realiza de la forma esperada la limpieza del array sys.argv en situaciones donde la variable de entorno GATEWAY_INTERFACE recibe valor, lo que permite a atacantes remotos conseguir información sensible a través de vectores no especi... • http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 1%CPEs: 46EXPL: 0CVE-2010-0668
https://notcve.org/view.php?id=CVE-2010-0668
26 Feb 2010 — Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. Vulnerabilidad no especificada en MoinMoin v1.5.x hasta v1.7.x, v1.8.x anteriores a v1.8.7, y v1.9.x anteriores a v1.9.2 tiene un impacto y cvector de ataque desconocido, relativo a configuraciones que tienen una lista no vacía ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975 •