Moinmo

Moinmoin

26 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2020-15275

Exploit
  • EPSS 0.31%
  • Published 11.11.2020 16:15:13
  • Last modified 21.11.2024 05:05:14

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on...

9.8

CVE-2020-25074

  • EPSS 12.81%
  • Published 10.11.2020 17:15:12
  • Last modified 21.11.2024 05:17:12

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.

6.1

CVE-2017-5934

  • EPSS 0.65%
  • Published 15.10.2018 19:29:00
  • Last modified 21.11.2024 03:28:42

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1

CVE-2016-9119

  • EPSS 0.76%
  • Published 30.01.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1

CVE-2016-7148

Exploit
  • EPSS 0.24%
  • Published 10.11.2016 17:59:01
  • Last modified 12.04.2025 10:46:40

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.

6.1

CVE-2016-7146

Exploit
  • EPSS 0.25%
  • Published 10.11.2016 17:59:00
  • Last modified 12.04.2025 10:46:40

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) co...

6

CVE-2012-6495

Exploit
  • EPSS 9.87%
  • Published 03.01.2013 01:55:04
  • Last modified 11.04.2025 00:51:21

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files ...

4.3

CVE-2012-6082

Exploit
  • EPSS 0.41%
  • Published 03.01.2013 01:55:04
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.

6

CVE-2012-6081

Exploit
  • EPSS 74.89%
  • Published 03.01.2013 01:55:04
  • Last modified 11.04.2025 00:51:21

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary cod...

6.4

CVE-2012-6080

  • EPSS 1.55%
  • Published 03.01.2013 01:55:04
  • Last modified 11.04.2025 00:51:21

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.