VulnerableCode Package Details - pkg:pypi/moin@1.9.8

Search for packages

Vulnerability	Summary	Fixed by
VCID-1kv8-4wn6-yydy Aliases: CVE-2016-7146 PYSEC-2016-30	MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.	1.9.9 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-2yaq-3m4p-q3bu Aliases: CVE-2020-15275 GHSA-4q96-6xhq-ff43 PYSEC-2020-241	MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.	1.9.11 Affected by 0 other vulnerabilities.
VCID-4fn8-ab2r-23dk Aliases: CVE-2017-5934 GHSA-42fp-4hm3-j8r7 PYSEC-2018-47	Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	1.9.10 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-5hn2-1bvq-jfdh Aliases: CVE-2016-7148 PYSEC-2016-31	MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.	1.9.9 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kjqq-u9hy-5yda Aliases: CVE-2020-25074 GHSA-52q8-877j-gghq PYSEC-2020-67	The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.	1.9.11 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1kv8-4wn6-yydy
Aliases:
CVE-2016-7146
PYSEC-2016-30

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.

1.9.9
Affected by 3 other vulnerabilities.

VCID-2yaq-3m4p-q3bu
Aliases:
CVE-2020-15275
GHSA-4q96-6xhq-ff43
PYSEC-2020-241

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.

1.9.11
Affected by 0 other vulnerabilities.

VCID-4fn8-ab2r-23dk
Aliases:
CVE-2017-5934
GHSA-42fp-4hm3-j8r7
PYSEC-2018-47

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

1.9.10
Affected by 2 other vulnerabilities.

VCID-5hn2-1bvq-jfdh
Aliases:
CVE-2016-7148
PYSEC-2016-31

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.

1.9.9
Affected by 3 other vulnerabilities.

VCID-kjqq-u9hy-5yda
Aliases:
CVE-2020-25074
GHSA-52q8-877j-gghq
PYSEC-2020-67

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.

1.9.11
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-tkp3-e758-suhx	Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CVE-2016-9119 PYSEC-2017-20

Vulnerability

Summary

Aliases

VCID-tkp3-e758-suhx

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2016-9119
PYSEC-2017-20

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:07:55.886612+00:00	Pypa Importer	Affected by	VCID-2yaq-3m4p-q3bu	https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2020-241.yaml	38.6.0
2026-06-02T04:07:55.802424+00:00	Pypa Importer	Affected by	VCID-kjqq-u9hy-5yda	https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2020-67.yaml	38.6.0
2026-06-02T04:05:21.218346+00:00	Pypa Importer	Affected by	VCID-4fn8-ab2r-23dk	https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2018-47.yaml	38.6.0
2026-06-02T04:04:27.773976+00:00	Pypa Importer	Fixing	VCID-tkp3-e758-suhx	https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2017-20.yaml	38.6.0
2026-06-02T04:04:25.373918+00:00	Pypa Importer	Affected by	VCID-5hn2-1bvq-jfdh	https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2016-31.yaml	38.6.0
2026-06-02T04:04:25.294243+00:00	Pypa Importer	Affected by	VCID-1kv8-4wn6-yydy	https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2016-30.yaml	38.6.0