CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15275 – malicious SVG attachment causing stored XSS vulnerability in MoinMoin
https://notcve.org/view.php?id=CVE-2020-15275
11 Nov 2020 — MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes. • https://advisory.checkmarx.net/advisory/CX-2020-4285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 12%CPEs: 3EXPL: 0CVE-2020-25074 – Ubuntu Security Notice USN-4629-1
https://notcve.org/view.php?id=CVE-2020-25074
10 Nov 2020 — The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. La acción de la caché en el archivo action/cache.py en MoinMoin versiones hasta 1.9.10, permite el salto de directorio por medio de una petición HTTP diseñada. Un atacante que pueda cargar archivos adjuntos a la wiki puede usar esto para lograr una ejecución de código remota Michael Cha... • http://moinmo.in/SecurityFixes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-5934 – Ubuntu Security Notice USN-3794-1
https://notcve.org/view.php?id=CVE-2017-5934
15 Oct 2018 — Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad Cross-Site Scripting (XSS) en el diálogo de enlaces en el editor de la interfaz gráfica de MoinMoin en versiones anteriores a la 1.9.10 permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. It was discovered that MoinMoin incorrectly handled certain i... • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2016-7146 – MoinMoin 1.9.8 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-7146
10 Nov 2016 — MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component. MoinMoin 1.9.8 permite a atacantes remotos llevar a cabo ataques "JavaScript injection" utilizando el enfoque "page creation", relacionado con un problema "Cross Site Scripting (XSS)" que afecta al componente action=fckdialog&dialog=attachment (a través... • https://packetstorm.news/files/id/139788 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2016-7148 – MoinMoin 1.9.8 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-7148
10 Nov 2016 — MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component. MoinMoin 1.9.8 permite a atacantes remotos llevar a cabo ataques "JavaScript injection" utilizando el enfoque "page creation", relacionado con un problema "Cross Site Scripting (XSS)" que afecta al componente action=AttachFile (a través del nombre de página). It was discovered that Mo... • https://packetstorm.news/files/id/139788 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •