CVE-2009-1482
- EPSS 2.48%
- Veröffentlicht 29.04.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:21
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors...
CVE-2009-0312
- EPSS 2.35%
- Veröffentlicht 28.01.2009 01:30:03
- Zuletzt bearbeitet 16.06.2026 23:04:44
Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.
CVE-2009-0260
- EPSS 5.44%
- Veröffentlicht 23.01.2009 19:00:05
- Zuletzt bearbeitet 16.06.2026 23:04:36
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or ...
CVE-2008-3381
- EPSS 2.09%
- Veröffentlicht 30.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:43
Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-1937
- EPSS 1.66%
- Veröffentlicht 25.04.2008 06:05:00
- Zuletzt bearbeitet 16.06.2026 22:52:47
The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.
- EPSS 2.01%
- Veröffentlicht 05.03.2008 20:44:00
- Zuletzt bearbeitet 16.06.2026 22:50:59
_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.
CVE-2008-1098
- EPSS 1.8%
- Veröffentlicht 05.03.2008 20:44:00
- Zuletzt bearbeitet 16.06.2026 22:50:59
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name...
CVE-2008-0781
- EPSS 2.54%
- Veröffentlicht 14.02.2008 21:00:00
- Zuletzt bearbeitet 16.06.2026 22:50:20
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.
- EPSS 14.79%
- Veröffentlicht 14.02.2008 21:00:00
- Zuletzt bearbeitet 16.06.2026 22:50:20
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code executio...
CVE-2008-0780
- EPSS 1.74%
- Veröffentlicht 14.02.2008 21:00:00
- Zuletzt bearbeitet 16.06.2026 22:50:20
Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.