CVSS: 7.5EPSS: 1%CPEs: 46EXPL: 0CVE-2010-0669
https://notcve.org/view.php?id=CVE-2010-0669
26 Feb 2010 — MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors. MoinMoin anteriores a v1.8.7 y 1.9.x anteriores a v1.9.2 no sanea de forma adecuada los perfiles de usuario, lo que tiene un impacto y efectos desconocidos. • http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2010-0717
https://notcve.org/view.php?id=CVE-2010-0717
26 Feb 2010 — The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors. La configuración por defecto de cfg.packagepages_actions_excluded en MoinMoin anteriores v1.8.7 no previene acciones inseguras, que tiene un impacto y vectores de ataque no especificados. • http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES • CWE-16: Configuration •
CVSS: 6.1EPSS: 1%CPEs: 40EXPL: 1CVE-2009-1482
https://notcve.org/view.php?id=CVE-2009-1482
29 Apr 2009 — Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en action/AttachFile.py en MoinMoin v1.8.2 y anteriores permiten a atacantes remotos ... • http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6603
https://notcve.org/view.php?id=CVE-2008-6603
03 Apr 2009 — MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937. MoinMoin v1.6.2 y v1.7 no maneja adecuadamente los puntos de cumplimiento de la ACL cuando acl_hierarchic esta fijado como Verdadero, lo que permitiría a atacantes remotos evitar las restricciones de acceso previstas, una vulnerabilidad diferente que CVE-2008-1937. • http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 2%CPEs: 36EXPL: 2CVE-2009-0260 – MoinMoin 1.8 - 'AttachFile.py' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0260
23 Jan 2009 — Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable). Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en action/AttachFile.py en MoinMoin antes de v1.8.1, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de s... • https://www.exploit-db.com/exploits/32746 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2008-3381
https://notcve.org/view.php?id=CVE-2008-3381
30 Jul 2008 — Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados en macro/AdvancedSearch.py en moin (y MoinMoin)1.6.3 y 1.7.0, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través vectores no especificados. • http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •