Moinmo

Moinmoin

26 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6

CVE-2012-4404

  • EPSS 0.99%
  • Veröffentlicht 10.09.2012 22:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a me...

2.6

CVE-2011-1058

  • EPSS 0.61%
  • Veröffentlicht 22.02.2011 18:00:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a...

4.3

CVE-2010-2970

  • EPSS 0.6%
  • Veröffentlicht 05.08.2010 13:22:29
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/langua...

4.3

CVE-2010-2969

  • EPSS 0.6%
  • Veröffentlicht 05.08.2010 13:22:29
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and...

4.3

CVE-2010-2487

Exploit
  • EPSS 1.29%
  • Veröffentlicht 05.08.2010 13:22:28
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py...

5

CVE-2010-1238

  • EPSS 0.39%
  • Veröffentlicht 05.04.2010 15:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.

3.5

CVE-2010-0828

Exploit
  • EPSS 0.56%
  • Veröffentlicht 05.04.2010 15:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.

7.5

CVE-2009-4762

  • EPSS 0.37%
  • Veröffentlicht 29.03.2010 20:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a differe...

7.5

CVE-2010-0717

  • EPSS 0.59%
  • Veröffentlicht 26.02.2010 19:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.

7.5

CVE-2010-0669

  • EPSS 1.05%
  • Veröffentlicht 26.02.2010 19:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.