| CVE-2010-0717 | high | — | 7.5 | | | | 4y ago | The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors. |
| CVE-2009-4762 | high | — | 7.5 | | | | 16y ago | MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended a… |
| CVE-2010-0669 | high | — | 7.5 | | | | 17y ago | MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors. |
| CVE-2012-6495 | medium | — | 7.0 | | | | 4y ago | Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users w… |
| CVE-2012-6081 | medium | — | 7.0 | | | | 14y ago | Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated us… |
| CVE-2010-0668 | medium | — | 6.8 | | | | 4y ago | Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser … |
| CVE-2012-6080 | medium | — | 6.4 | | | | 14y ago | Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary fi… |
| CVE-2016-7148 | medium | 6.1 | 6.1 | | | | 4y ago | MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile… |
| CVE-2016-9119 | medium | 6.1 | 6.1 | | | | 4y ago | Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-7146 | medium | 6.1 | 6.1 | | | | 10y ago | MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the ac… |
| CVE-2012-4404 | medium | — | 6.0 | | | | 14y ago | security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users … |
| CVE-2010-0667 | medium | — | 5.0 | | | | 17y ago | MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain s… |
| CVE-2010-2487 | medium | — | 4.3 | | | | 4y ago | Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted… |
| CVE-2010-2969 | medium | — | 4.3 | | | | 4y ago | Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related t… |
| CVE-2012-6082 | medium | — | 4.3 | | | | 4y ago | Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link. |
| CVE-2010-2970 | medium | — | 4.3 | | | | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.p… |
| CVE-2010-0828 | low | — | 3.5 | | | | 16y ago | Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creati… |
| CVE-2011-1058 | low | — | 2.6 | | | | 16y ago | Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote att… |
| CVE-2009-0260 | unknown | — | 1.0 | | | | 4y ago | MoinMoin Multiple cross-site scripting (XSS) vulnerabilities |
| CVE-2008-0782 | unknown | — | 1.0 | | | | 4y ago | MoinMoin Directory traversal vulnerability |
| CVE-2008-6549 | unknown | — | — | | | | 4y ago | The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a den… |
| CVE-2008-6548 | unknown | — | — | | | | 4y ago | The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors. |
| CVE-2008-6603 | unknown | — | — | | | | 4y ago | MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability th… |
| CVE-2009-1482 | unknown | — | — | | | | 4y ago | Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-actio… |
| CVE-2009-0312 | unknown | — | — | | | | 4y ago | MoinMoin Cross-site scripting (XSS) vulnerability in the antispam feature |
| CVE-2008-3381 | unknown | — | — | | | | 4y ago | Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vec… |
| CVE-2008-1937 | unknown | — | — | | | | 4y ago | The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges. |
| CVE-2008-1099 | unknown | — | — | | | | 4y ago | MoinMoin Improper Access Control |
| CVE-2008-1098 | unknown | — | — | | | | 4y ago | MoinMoin Multiple cross-site scripting (XSS) vulnerabilities |
| CVE-2008-0781 | unknown | — | — | | | | 4y ago | MoinMoin Multiple cross-site scripting (XSS) vulnerabilities |
| CVE-2008-0780 | unknown | — | — | | | | 4y ago | MoinMoin Cross-site scripting (XSS) vulnerability |
| CVE-2007-2637 | unknown | — | — | | | | 4y ago | MoinMoin Improper ACL handling for calendars and includes |
| CVE-2007-0902 | unknown | — | — | | | | 4y ago | MoinMoin Insertion of Sensitive Information into Log File |
| CVE-2007-0901 | unknown | — | — | | | | 4y ago | MoinMoin Cross-Site Scripting (XSS) vulnerability via hitcounts and general parameters |
| CVE-2007-0857 | unknown | — | — | | | | 4y ago | MoinMoin Multiple cross-site scripting (XSS) vulnerabilities |
| CVE-2004-1462 | unknown | — | — | | | | 4y ago | MoinMoin Improper Access Control |
| CVE-2004-1463 | unknown | — | — | | | | 4y ago | MoinMoin Improper Privilege Management |
| CVE-2004-0708 | unknown | — | — | | | | 4y ago | MoinMoin allows administrative access |
| CVE-2020-25074 | unknown | — | — | | | | 6y ago | The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve re… |
| CVE-2020-15275 | unknown | — | — | | | | 6y ago | MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user'… |
| CVE-2017-5934 | unknown | — | — | | | | 8y ago | Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |