18 results (0.004 seconds)

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-15275 – malicious SVG attachment causing stored XSS vulnerability in MoinMoin

https://notcve.org/view.php?id=CVE-2020-15275

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes. • https://advisory.checkmarx.net/advisory/CX-2020-4285 https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2 https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11 https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0

CVE-2020-25074

https://notcve.org/view.php?id=CVE-2020-25074

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. La acción de la caché en el archivo action/cache.py en MoinMoin versiones hasta 1.9.10, permite el salto de directorio por medio de una petición HTTP diseñada. Un atacante que pueda cargar archivos adjuntos a la wiki puede usar esto para lograr una ejecución de código remota • http://moinmo.in/SecurityFixes https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html https://www.debian.org/security/2020/dsa-4787 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

CVE-2017-5934

https://notcve.org/view.php?id=CVE-2017-5934

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad Cross-Site Scripting (XSS) en el diálogo de enlaces en el editor de la interfaz gráfica de MoinMoin en versiones anteriores a la 1.9.10 permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html http://moinmo.in/SecurityFixes https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024 https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html https://usn.ubuntu.com/3794-1 https://www.debian.org/security/2018/dsa-4318 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2016-9119

https://notcve.org/view.php?id=CVE-2016-9119

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el link de diálogo en el editor de GUI en MoinMoin en versiones anteriores a 1.9.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios mediante vectores no especificados. • http://www.debian.org/security/2016/dsa-3715 http://www.securityfocus.com/bid/94501 http://www.ubuntu.com/usn/USN-3137-1 https://moinmo.in/SecurityFixes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 3%CPEs: 79EXPL: 3

CVE-2012-6495 – MoinMoin - twikidraw Action Traversal Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2012-6495

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code. Múltiples vulnerabilidades de salto de directorio en (1) twikidraw (acction/twikidraw.py) y (2) anywikidraw (acction/anywikidraw.py), acciones en MoinMoin antes de v1.9.6 a usuarios remotos autenticados con permisos de escritura sobrescribir archivos arbitrarios a través de vectores no especificados. NOTA: esto puede ser aprovechado con CVE-2012-6081 para ejecutar código arbitrario. • https://www.exploit-db.com/exploits/26422 https://www.exploit-db.com/exploits/25304 http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f http://moinmo.in/MoinMoinRelease1.9 http://moinmo.in/SecurityFixes http://secunia.com/advisories/51696 http://ubuntu.com/usn/usn-1680-1 http://www.debian.org/security/2012/dsa-2593 http://www.openwall.com/lists/oss-security/2012/12/29/6 http://www.openwall.com/lists/oss-security/2012/12/30/4 https://bugs.launchpad.net • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •