Search for packages
| purl | pkg:pypi/moin@1.9.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1kv8-4wn6-yydy
Aliases: CVE-2016-7146 GHSA-fj26-q4vh-85f6 PYSEC-2016-30 |
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component. |
Affected by 3 other vulnerabilities. |
|
VCID-2yaq-3m4p-q3bu
Aliases: CVE-2020-15275 GHSA-4q96-6xhq-ff43 PYSEC-2020-241 |
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes. |
Affected by 0 other vulnerabilities. |
|
VCID-4fn8-ab2r-23dk
Aliases: CVE-2017-5934 GHSA-42fp-4hm3-j8r7 PYSEC-2018-47 |
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Affected by 2 other vulnerabilities. |
|
VCID-5hn2-1bvq-jfdh
Aliases: CVE-2016-7148 GHSA-3x76-j3jj-439j PYSEC-2016-31 |
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component. |
Affected by 3 other vulnerabilities. |
|
VCID-kjqq-u9hy-5yda
Aliases: CVE-2020-25074 GHSA-52q8-877j-gghq PYSEC-2020-67 |
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. |
Affected by 0 other vulnerabilities. |
|
VCID-tkp3-e758-suhx
Aliases: CVE-2016-9119 GHSA-5fq5-pfv8-mrfv PYSEC-2017-20 |
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Affected by 5 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1fak-dar5-tuet | Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code. |
CVE-2012-6495
GHSA-6gx4-29v9-g9q5 PYSEC-2013-7 |
| VCID-3z75-azrr-2qac | Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link. |
CVE-2012-6082
GHSA-452h-rx28-49w9 PYSEC-2013-23 |
| VCID-4q2t-yhg6-k3dg | Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012. |
CVE-2012-6081
GHSA-m2c4-jgmm-fvq3 PYSEC-2013-6 |
| VCID-h1wf-35g5-5ucz | Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name. |
CVE-2012-6080
GHSA-v33q-2xcj-4f3m PYSEC-2013-5 |