{"url":"http://public2.vulnerablecode.io/api/packages/6978?format=json","purl":"pkg:pypi/moin@1.8.7","type":"pypi","namespace":"","name":"moin","version":"1.8.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.8.8","latest_non_vulnerable_version":"1.9.11","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34788?format=json","vulnerability_id":"VCID-1fak-dar5-tuet","summary":"Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors.  NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.","references":[{"reference_url":"http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f","reference_id":"","reference_type":"","scores":[],"url":"http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"},{"reference_url":"http://moinmo.in/MoinMoinRelease1.9","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/MoinMoinRelease1.9"},{"reference_url":"http://moinmo.in/SecurityFixes","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/SecurityFixes"},{"reference_url":"https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"},{"reference_url":"http://secunia.com/advisories/51696","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/51696"},{"reference_url":"http://ubuntu.com/usn/usn-1680-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-1680-1"},{"reference_url":"http://www.debian.org/security/2012/dsa-2593","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2012/dsa-2593"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/12/29/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/12/29/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/12/30/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/12/30/4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7494?format=json","purl":"pkg:pypi/moin@1.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.6"}],"aliases":["CVE-2012-6495","PYSEC-2013-7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fak-dar5-tuet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35009?format=json","vulnerability_id":"VCID-1kv8-4wn6-yydy","summary":"MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog&dialog=attachment (via page name) component.","references":[{"reference_url":"https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3715","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3715"},{"reference_url":"http://www.securityfocus.com/bid/94259","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94259"},{"reference_url":"http://www.ubuntu.com/usn/USN-3137-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-3137-1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9453?format=json","purl":"pkg:pypi/moin@1.9.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-kjqq-u9hy-5yda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.9"}],"aliases":["CVE-2016-7146","PYSEC-2016-30"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1kv8-4wn6-yydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35671?format=json","vulnerability_id":"VCID-2yaq-3m4p-q3bu","summary":"MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.","references":[{"reference_url":"https://advisory.checkmarx.net/advisory/CX-2020-4285","reference_id":"","reference_type":"","scores":[],"url":"https://advisory.checkmarx.net/advisory/CX-2020-4285"},{"reference_url":"https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"},{"reference_url":"https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"},{"reference_url":"https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18962?format=json","purl":"pkg:pypi/moin@1.9.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.11"}],"aliases":["CVE-2020-15275","GHSA-4q96-6xhq-ff43","PYSEC-2020-241"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2yaq-3m4p-q3bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34790?format=json","vulnerability_id":"VCID-3z75-azrr-2qac","summary":"Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.","references":[{"reference_url":"http://hg.moinmo.in/moin/1.9/rev/c98ec456e493","reference_id":"","reference_type":"","scores":[],"url":"http://hg.moinmo.in/moin/1.9/rev/c98ec456e493"},{"reference_url":"http://moinmo.in/SecurityFixes","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/SecurityFixes"},{"reference_url":"http://secunia.com/advisories/51663","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/51663"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/12/29/7","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/12/29/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/12/30/5","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/12/30/5"},{"reference_url":"http://www.securityfocus.com/bid/57089","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/57089"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7494?format=json","purl":"pkg:pypi/moin@1.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.6"}],"aliases":["CVE-2012-6082","PYSEC-2013-23"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3z75-azrr-2qac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35273?format=json","vulnerability_id":"VCID-4fn8-ab2r-23dk","summary":"Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html"},{"reference_url":"http://moinmo.in/SecurityFixes","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/SecurityFixes"},{"reference_url":"https://github.com/advisories/GHSA-42fp-4hm3-j8r7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-42fp-4hm3-j8r7"},{"reference_url":"https://github.com/moinwiki/moin-1.9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moinwiki/moin-1.9"},{"reference_url":"https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2018-47.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2018-47.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html"},{"reference_url":"https://usn.ubuntu.com/3794-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3794-1"},{"reference_url":"https://usn.ubuntu.com/3794-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3794-1/"},{"reference_url":"https://www.debian.org/security/2018/dsa-4318","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4318"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5934","reference_id":"CVE-2017-5934","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5934"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12310?format=json","purl":"pkg:pypi/moin@1.9.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-kjqq-u9hy-5yda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.10"}],"aliases":["CVE-2017-5934","GHSA-42fp-4hm3-j8r7","PYSEC-2018-47"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4fn8-ab2r-23dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34791?format=json","vulnerability_id":"VCID-4q2t-yhg6-k3dg","summary":"Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.","references":[{"reference_url":"http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f","reference_id":"","reference_type":"","scores":[],"url":"http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"},{"reference_url":"http://moinmo.in/MoinMoinRelease1.9","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/MoinMoinRelease1.9"},{"reference_url":"http://moinmo.in/SecurityFixes","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/SecurityFixes"},{"reference_url":"https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"},{"reference_url":"http://secunia.com/advisories/51663","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/51663"},{"reference_url":"http://secunia.com/advisories/51676","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/51676"},{"reference_url":"http://secunia.com/advisories/51696","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/51696"},{"reference_url":"https://github.com/moinwiki/moin","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moinwiki/moin"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2013-6.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2013-6.yaml"},{"reference_url":"https://web.archive.org/web/20200228165146/http://www.securityfocus.com/bid/57082","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228165146/http://www.securityfocus.com/bid/57082"},{"reference_url":"http://ubuntu.com/usn/usn-1680-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-1680-1"},{"reference_url":"http://www.debian.org/security/2012/dsa-2593","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2012/dsa-2593"},{"reference_url":"http://www.exploit-db.com/exploits/25304","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploit-db.com/exploits/25304"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/12/29/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/12/29/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/12/30/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/12/30/4"},{"reference_url":"http://www.securityfocus.com/bid/57082","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/57082"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6081","reference_id":"CVE-2012-6081","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6081"},{"reference_url":"https://github.com/advisories/GHSA-m2c4-jgmm-fvq3","reference_id":"GHSA-m2c4-jgmm-fvq3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m2c4-jgmm-fvq3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7494?format=json","purl":"pkg:pypi/moin@1.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.6"}],"aliases":["CVE-2012-6081","GHSA-m2c4-jgmm-fvq3","PYSEC-2013-6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4q2t-yhg6-k3dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35010?format=json","vulnerability_id":"VCID-5hn2-1bvq-jfdh","summary":"MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component.","references":[{"reference_url":"https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"},{"reference_url":"http://www.debian.org/security/2016/dsa-3715","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3715"},{"reference_url":"http://www.securityfocus.com/bid/94259","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94259"},{"reference_url":"http://www.ubuntu.com/usn/USN-3137-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-3137-1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9453?format=json","purl":"pkg:pypi/moin@1.9.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-kjqq-u9hy-5yda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.9"}],"aliases":["CVE-2016-7148","PYSEC-2016-31"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5hn2-1bvq-jfdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34693?format=json","vulnerability_id":"VCID-8xsp-chsd-cfhp","summary":"Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995"},{"reference_url":"http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca","reference_id":"","reference_type":"","scores":[],"url":"http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html"},{"reference_url":"https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=578801","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=578801"},{"reference_url":"http://secunia.com/advisories/39188","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/39188"},{"reference_url":"http://secunia.com/advisories/39190","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/39190"},{"reference_url":"http://secunia.com/advisories/39267","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/39267"},{"reference_url":"http://secunia.com/advisories/39284","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/39284"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/57435","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/57435"},{"reference_url":"https://github.com/moinwiki/moin","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moinwiki/moin"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-28.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-28.yaml"},{"reference_url":"https://web.archive.org/web/20151017002542/http://secunia.com/advisories/39284","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20151017002542/http://secunia.com/advisories/39284"},{"reference_url":"https://web.archive.org/web/20151017033127/http://secunia.com/advisories/39267","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20151017033127/http://secunia.com/advisories/39267"},{"reference_url":"https://web.archive.org/web/20151017033557/http://secunia.com/advisories/39190","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20151017033557/http://secunia.com/advisories/39190"},{"reference_url":"https://web.archive.org/web/20151104183344/http://secunia.com/advisories/39188","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20151104183344/http://secunia.com/advisories/39188"},{"reference_url":"https://web.archive.org/web/20200228163431/http://www.securityfocus.com/bid/39110","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228163431/http://www.securityfocus.com/bid/39110"},{"reference_url":"https://web.archive.org/web/20200228163432/http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228163432/http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca"},{"reference_url":"https://web.archive.org/web/20220927220946/http://hg.moinmo.in/moin/1.9/rev/689e2b04bd4d","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20220927220946/http://hg.moinmo.in/moin/1.9/rev/689e2b04bd4d"},{"reference_url":"https://web.archive.org/web/20221003055226/http://hg.moinmo.in/moin/1.9/rev/788131dd21c3","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20221003055226/http://hg.moinmo.in/moin/1.9/rev/788131dd21c3"},{"reference_url":"https://web.archive.org/web/20221025223621/http://hg.moinmo.in/moin/1.8","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20221025223621/http://hg.moinmo.in/moin/1.8"},{"reference_url":"https://www.debian.org/security/2010/dsa-2024","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2010/dsa-2024"},{"reference_url":"https://www.ubuntu.com/usn/USN-925-1","reference_id":"","reference_type":"","scores":[],"url":"https://www.ubuntu.com/usn/USN-925-1"},{"reference_url":"http://www.debian.org/security/2010/dsa-2024","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2010/dsa-2024"},{"reference_url":"http://www.securityfocus.com/bid/39110","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/39110"},{"reference_url":"http://www.ubuntu.com/usn/USN-925-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-925-1"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0767","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/0767"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0831","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/0831"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0834","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/0834"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0828","reference_id":"CVE-2010-0828","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0828"},{"reference_url":"https://github.com/advisories/GHSA-fc72-v54c-x9jg","reference_id":"GHSA-fc72-v54c-x9jg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fc72-v54c-x9jg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7029?format=json","purl":"pkg:pypi/moin@1.8.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/6981?format=json","purl":"pkg:pypi/moin@1.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-h1wf-35g5-5ucz"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.3"}],"aliases":["CVE-2010-0828","GHSA-fc72-v54c-x9jg","PYSEC-2010-28"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xsp-chsd-cfhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34700?format=json","vulnerability_id":"VCID-9ck2-p7hx-4qex","summary":"Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809"},{"reference_url":"http://hg.moinmo.in/moin/1.7/rev/37306fba2189","reference_id":"","reference_type":"","scores":[],"url":"http://hg.moinmo.in/moin/1.7/rev/37306fba2189"},{"reference_url":"http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES","reference_id":"","reference_type":"","scores":[],"url":"http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES"},{"reference_url":"http://hg.moinmo.in/moin/1.8/rev/4238b0c90871","reference_id":"","reference_type":"","scores":[],"url":"http://hg.moinmo.in/moin/1.8/rev/4238b0c90871"},{"reference_url":"http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES","reference_id":"","reference_type":"","scores":[],"url":"http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES"},{"reference_url":"http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513","reference_id":"","reference_type":"","scores":[],"url":"http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513"},{"reference_url":"http://hg.moinmo.in/moin/1.9/rev/e50b087c4572","reference_id":"","reference_type":"","scores":[],"url":"http://hg.moinmo.in/moin/1.9/rev/e50b087c4572"},{"reference_url":"http://marc.info/?l=oss-security&m=127799369406968&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=oss-security&m=127799369406968&w=2"},{"reference_url":"http://marc.info/?l=oss-security&m=127809682420259&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=oss-security&m=127809682420259&w=2"},{"reference_url":"http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg"},{"reference_url":"http://moinmo.in/MoinMoinRelease1.8","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/MoinMoinRelease1.8"},{"reference_url":"http://moinmo.in/MoinMoinRelease1.9","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/MoinMoinRelease1.9"},{"reference_url":"http://moinmo.in/SecurityFixes","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/SecurityFixes"},{"reference_url":"http://secunia.com/advisories/40836","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/40836"},{"reference_url":"http://www.debian.org/security/2010/dsa-2083","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2010/dsa-2083"},{"reference_url":"http://www.securityfocus.com/bid/40549","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/40549"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1981","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/1981"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7029?format=json","purl":"pkg:pypi/moin@1.8.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/6981?format=json","purl":"pkg:pypi/moin@1.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-h1wf-35g5-5ucz"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.3"}],"aliases":["CVE-2010-2487","PYSEC-2010-16"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ck2-p7hx-4qex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34726?format=json","vulnerability_id":"VCID-aduk-vjjh-c3gc","summary":"Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when \"format rst\" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute.  NOTE: some of these details are obtained from third party information.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html"},{"reference_url":"http://moinmo.in/SecurityFixes","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/SecurityFixes"},{"reference_url":"http://secunia.com/advisories/43413","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43413"},{"reference_url":"http://secunia.com/advisories/43665","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43665"},{"reference_url":"http://secunia.com/advisories/50885","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50885"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65545","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65545"},{"reference_url":"http://www.debian.org/security/2011/dsa-2321","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2011/dsa-2321"},{"reference_url":"http://www.securityfocus.com/bid/46476","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/46476"},{"reference_url":"http://www.ubuntu.com/usn/USN-1604-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1604-1"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0455","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0455"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0571","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0571"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0588","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0588"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6981?format=json","purl":"pkg:pypi/moin@1.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-h1wf-35g5-5ucz"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.3"}],"aliases":["CVE-2011-1058","PYSEC-2011-6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aduk-vjjh-c3gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35670?format=json","vulnerability_id":"VCID-kjqq-u9hy-5yda","summary":"The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.","references":[{"reference_url":"http://moinmo.in/SecurityFixes","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/SecurityFixes"},{"reference_url":"https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html"},{"reference_url":"https://www.debian.org/security/2020/dsa-4787","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4787"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18962?format=json","purl":"pkg:pypi/moin@1.9.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.11"}],"aliases":["CVE-2020-25074","GHSA-52q8-877j-gghq","PYSEC-2020-67"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjqq-u9hy-5yda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35019?format=json","vulnerability_id":"VCID-tkp3-e758-suhx","summary":"Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://moinmo.in/SecurityFixes","reference_id":"","reference_type":"","scores":[],"url":"https://moinmo.in/SecurityFixes"},{"reference_url":"http://www.debian.org/security/2016/dsa-3715","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3715"},{"reference_url":"http://www.securityfocus.com/bid/94501","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94501"},{"reference_url":"http://www.ubuntu.com/usn/USN-3137-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-3137-1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9452?format=json","purl":"pkg:pypi/moin@1.9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-kjqq-u9hy-5yda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.8"}],"aliases":["CVE-2016-9119","PYSEC-2017-20"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tkp3-e758-suhx"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34691?format=json","vulnerability_id":"VCID-3fgh-8nmt-2fgp","summary":"Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975"},{"reference_url":"http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES","reference_id":"","reference_type":"","scores":[],"url":"http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html"},{"reference_url":"http://marc.info/?l=oss-security&m=126625972814888&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=oss-security&m=126625972814888&w=2"},{"reference_url":"http://marc.info/?l=oss-security&m=126676896601156&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=oss-security&m=126676896601156&w=2"},{"reference_url":"http://moinmo.in/MoinMoinRelease1.8","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/MoinMoinRelease1.8"},{"reference_url":"http://moinmo.in/SecurityFixes","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/SecurityFixes"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=565604","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=565604"},{"reference_url":"http://secunia.com/advisories/38444","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/38444"},{"reference_url":"http://secunia.com/advisories/38709","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/38709"},{"reference_url":"http://secunia.com/advisories/38903","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/38903"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/56002","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/56002"},{"reference_url":"https://github.com/moinwiki/moin","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moinwiki/moin"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-15.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-15.yaml"},{"reference_url":"https://web.archive.org/web/20111225112846/http://secunia.com/advisories/38903","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20111225112846/http://secunia.com/advisories/38903"},{"reference_url":"https://web.archive.org/web/20140725192956/http://secunia.com/advisories/38709","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20140725192956/http://secunia.com/advisories/38709"},{"reference_url":"https://web.archive.org/web/20140806190238/http://secunia.com/advisories/38444","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20140806190238/http://secunia.com/advisories/38444"},{"reference_url":"https://web.archive.org/web/20200228174758/http://www.securityfocus.com/bid/38023","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228174758/http://www.securityfocus.com/bid/38023"},{"reference_url":"http://www.debian.org/security/2010/dsa-2014","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2010/dsa-2014"},{"reference_url":"http://www.openwall.com/lists/oss-security/2010/02/15/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2010/02/15/2"},{"reference_url":"http://www.osvdb.org/62043","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/62043"},{"reference_url":"http://www.securityfocus.com/bid/38023","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/38023"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0266","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/0266"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0600","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/0600"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0668","reference_id":"CVE-2010-0668","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0668"},{"reference_url":"https://github.com/advisories/GHSA-574f-mh6m-c6qm","reference_id":"GHSA-574f-mh6m-c6qm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-574f-mh6m-c6qm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6978?format=json","purl":"pkg:pypi/moin@1.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/6979?format=json","purl":"pkg:pypi/moin@1.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5dkr-jfqu-4kfq"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"},{"vulnerability":"VCID-xz41-zzdr-6ycb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.2"}],"aliases":["CVE-2010-0668","GHSA-574f-mh6m-c6qm","PYSEC-2010-15"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3fgh-8nmt-2fgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34689?format=json","vulnerability_id":"VCID-551s-jjxy-qfer","summary":"MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.","references":[{"reference_url":"http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES","reference_id":"","reference_type":"","scores":[],"url":"http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES"},{"reference_url":"http://moinmo.in/MoinMoinRelease1.8","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/MoinMoinRelease1.8"},{"reference_url":"http://moinmo.in/SecurityFixes","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/SecurityFixes"},{"reference_url":"http://secunia.com/advisories/38444","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/38444"},{"reference_url":"http://secunia.com/advisories/38903","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/38903"},{"reference_url":"https://github.com/moinwiki/moin","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moinwiki/moin"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-2.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-2.yaml"},{"reference_url":"https://web.archive.org/web/20111225112846/http://secunia.com/advisories/38903","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20111225112846/http://secunia.com/advisories/38903"},{"reference_url":"https://web.archive.org/web/20140806190238/http://secunia.com/advisories/38444","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20140806190238/http://secunia.com/advisories/38444"},{"reference_url":"https://web.archive.org/web/20200228174758/http://www.securityfocus.com/bid/38023","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228174758/http://www.securityfocus.com/bid/38023"},{"reference_url":"http://www.debian.org/security/2010/dsa-2014","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2010/dsa-2014"},{"reference_url":"http://www.openwall.com/lists/oss-security/2010/02/15/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2010/02/15/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2010/02/15/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2010/02/15/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2010/02/21/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2010/02/21/2"},{"reference_url":"http://www.securityfocus.com/bid/38023","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/38023"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0600","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/0600"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0669","reference_id":"CVE-2010-0669","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0669"},{"reference_url":"https://github.com/advisories/GHSA-977v-29j9-9rxc","reference_id":"GHSA-977v-29j9-9rxc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-977v-29j9-9rxc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6978?format=json","purl":"pkg:pypi/moin@1.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/6979?format=json","purl":"pkg:pypi/moin@1.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5dkr-jfqu-4kfq"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"},{"vulnerability":"VCID-xz41-zzdr-6ycb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.2"}],"aliases":["CVE-2010-0669","GHSA-977v-29j9-9rxc","PYSEC-2010-2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-551s-jjxy-qfer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34690?format=json","vulnerability_id":"VCID-qcmp-zvgm-8bcm","summary":"The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.","references":[{"reference_url":"http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES","reference_id":"","reference_type":"","scores":[],"url":"http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES"},{"reference_url":"http://moinmo.in/MoinMoinRelease1.8","reference_id":"","reference_type":"","scores":[],"url":"http://moinmo.in/MoinMoinRelease1.8"},{"reference_url":"http://secunia.com/advisories/38903","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/38903"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/56595","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/56595"},{"reference_url":"https://github.com/moinwiki/moin","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moinwiki/moin"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-3.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-3.yaml"},{"reference_url":"https://web.archive.org/web/20140807024009/http://secunia.com/advisories/38903","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20140807024009/http://secunia.com/advisories/38903"},{"reference_url":"http://www.debian.org/security/2010/dsa-2014","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2010/dsa-2014"},{"reference_url":"http://www.openwall.com/lists/oss-security/2010/02/15/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2010/02/15/2"},{"reference_url":"http://www.vupen.com/english/advisories/2010/0600","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/0600"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0717","reference_id":"CVE-2010-0717","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0717"},{"reference_url":"https://github.com/advisories/GHSA-5jjr-gmq3-f986","reference_id":"GHSA-5jjr-gmq3-f986","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5jjr-gmq3-f986"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6978?format=json","purl":"pkg:pypi/moin@1.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.8.7"}],"aliases":["CVE-2010-0717","GHSA-5jjr-gmq3-f986","PYSEC-2010-3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qcmp-zvgm-8bcm"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.8.7"}