VulnerableCode Package Details - pkg:pypi/moin@1.9.10

Search for packages

Vulnerability	Summary	Fixed by
VCID-2yaq-3m4p-q3bu Aliases: CVE-2020-15275 GHSA-4q96-6xhq-ff43 PYSEC-2020-241	MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.	1.9.11 Affected by 0 other vulnerabilities.
VCID-kjqq-u9hy-5yda Aliases: CVE-2020-25074 GHSA-52q8-877j-gghq PYSEC-2020-67	The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.	1.9.11 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2yaq-3m4p-q3bu
Aliases:
CVE-2020-15275
GHSA-4q96-6xhq-ff43
PYSEC-2020-241

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.

1.9.11
Affected by 0 other vulnerabilities.

VCID-kjqq-u9hy-5yda
Aliases:
CVE-2020-25074
GHSA-52q8-877j-gghq
PYSEC-2020-67

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.

1.9.11
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4fn8-ab2r-23dk	Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CVE-2017-5934 GHSA-42fp-4hm3-j8r7 PYSEC-2018-47

Vulnerability

Summary

Aliases

VCID-4fn8-ab2r-23dk

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2017-5934
GHSA-42fp-4hm3-j8r7
PYSEC-2018-47

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:38:46.394193+00:00	GitLab Importer	Fixing	VCID-4fn8-ab2r-23dk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/moin/CVE-2017-5934.yml	38.6.0
2026-06-02T04:07:55.893688+00:00	Pypa Importer	Affected by	VCID-2yaq-3m4p-q3bu	https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2020-241.yaml	38.6.0
2026-06-02T04:07:55.809726+00:00	Pypa Importer	Affected by	VCID-kjqq-u9hy-5yda	https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2020-67.yaml	38.6.0
2026-06-02T04:05:21.226615+00:00	Pypa Importer	Fixing	VCID-4fn8-ab2r-23dk	https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2018-47.yaml	38.6.0