Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/6981?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/6981?format=api", "purl": "pkg:pypi/moin@1.9.3", "type": "pypi", "namespace": "", "name": "moin", "version": "1.9.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.9.11", "latest_non_vulnerable_version": "1.9.11", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34788?format=api", "vulnerability_id": "VCID-1fak-dar5-tuet", "summary": "Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.", "references": [ { "reference_url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f" }, { "reference_url": "http://moinmo.in/MoinMoinRelease1.9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "reference_url": "http://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/SecurityFixes" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" }, { "reference_url": "http://secunia.com/advisories/51696", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/51696" }, { "reference_url": "http://ubuntu.com/usn/usn-1680-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://ubuntu.com/usn/usn-1680-1" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2593", "reference_id": "", "reference_type": "", "scores": [], 
"url": "http://www.debian.org/security/2012/dsa-2593" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/12/29/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/12/29/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/12/30/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7494?format=api", "purl": "pkg:pypi/moin@1.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kv8-4wn6-yydy" }, { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-5hn2-1bvq-jfdh" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" }, { "vulnerability": "VCID-tkp3-e758-suhx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.6" } ], "aliases": [ "CVE-2012-6495", "PYSEC-2013-7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fak-dar5-tuet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35009?format=api", "vulnerability_id": "VCID-1kv8-4wn6-yydy", "summary": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog&dialog=attachment (via page name) component.", "references": [ { "reference_url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3715", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://www.debian.org/security/2016/dsa-3715" }, { "reference_url": "http://www.securityfocus.com/bid/94259", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94259" }, { "reference_url": "http://www.ubuntu.com/usn/USN-3137-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-3137-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9453?format=api", "purl": "pkg:pypi/moin@1.9.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.9" } ], "aliases": [ "CVE-2016-7146", "PYSEC-2016-30" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1kv8-4wn6-yydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35671?format=api", "vulnerability_id": "VCID-2yaq-3m4p-q3bu", "summary": "MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. 
MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.", "references": [ { "reference_url": "https://advisory.checkmarx.net/advisory/CX-2020-4285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://advisory.checkmarx.net/advisory/CX-2020-4285" }, { "reference_url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2" }, { "reference_url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11" }, { "reference_url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18962?format=api", "purl": "pkg:pypi/moin@1.9.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.11" } ], "aliases": [ "CVE-2020-15275", "GHSA-4q96-6xhq-ff43", "PYSEC-2020-241" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2yaq-3m4p-q3bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34790?format=api", "vulnerability_id": "VCID-3z75-azrr-2qac", "summary": "Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.", "references": [ { "reference_url": "http://hg.moinmo.in/moin/1.9/rev/c98ec456e493", "reference_id": "", "reference_type": "", "scores": [], 
"url": "http://hg.moinmo.in/moin/1.9/rev/c98ec456e493" }, { "reference_url": "http://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/SecurityFixes" }, { "reference_url": "http://secunia.com/advisories/51663", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/51663" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/12/29/7", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/12/29/7" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/12/30/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/5" }, { "reference_url": "http://www.securityfocus.com/bid/57089", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/57089" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7494?format=api", "purl": "pkg:pypi/moin@1.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kv8-4wn6-yydy" }, { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-5hn2-1bvq-jfdh" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" }, { "vulnerability": "VCID-tkp3-e758-suhx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.6" } ], "aliases": [ "CVE-2012-6082", "PYSEC-2013-23" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3z75-azrr-2qac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35273?format=api", "vulnerability_id": "VCID-4fn8-ab2r-23dk", "summary": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via 
unspecified vectors.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html" }, { "reference_url": "http://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/SecurityFixes" }, { "reference_url": "https://github.com/advisories/GHSA-42fp-4hm3-j8r7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-42fp-4hm3-j8r7" }, { "reference_url": "https://github.com/moinwiki/moin-1.9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin-1.9" }, { "reference_url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2018-47.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2018-47.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html" }, { "reference_url": "https://usn.ubuntu.com/3794-1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3794-1" }, { "reference_url": "https://usn.ubuntu.com/3794-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3794-1/" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4318", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://www.debian.org/security/2018/dsa-4318" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5934", "reference_id": "CVE-2017-5934", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5934" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/12310?format=api", "purl": "pkg:pypi/moin@1.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.10" } ], "aliases": [ "CVE-2017-5934", "GHSA-42fp-4hm3-j8r7", "PYSEC-2018-47" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4fn8-ab2r-23dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34791?format=api", "vulnerability_id": "VCID-4q2t-yhg6-k3dg", "summary": "Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.", "references": [ { "reference_url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f" }, { "reference_url": "http://moinmo.in/MoinMoinRelease1.9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "reference_url": "http://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/SecurityFixes" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" }, { "reference_url": "http://secunia.com/advisories/51663", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/51663" }, { "reference_url": "http://secunia.com/advisories/51676", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/51676" }, { "reference_url": "http://secunia.com/advisories/51696", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/51696" }, { "reference_url": "https://github.com/moinwiki/moin", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2013-6.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2013-6.yaml" }, { "reference_url": "https://web.archive.org/web/20200228165146/http://www.securityfocus.com/bid/57082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228165146/http://www.securityfocus.com/bid/57082" }, { "reference_url": "http://ubuntu.com/usn/usn-1680-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://ubuntu.com/usn/usn-1680-1" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2593", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2012/dsa-2593" }, { "reference_url": "http://www.exploit-db.com/exploits/25304", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.exploit-db.com/exploits/25304" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/12/29/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/12/29/6" }, { 
"reference_url": "http://www.openwall.com/lists/oss-security/2012/12/30/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/4" }, { "reference_url": "http://www.securityfocus.com/bid/57082", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/57082" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6081", "reference_id": "CVE-2012-6081", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6081" }, { "reference_url": "https://github.com/advisories/GHSA-m2c4-jgmm-fvq3", "reference_id": "GHSA-m2c4-jgmm-fvq3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m2c4-jgmm-fvq3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7494?format=api", "purl": "pkg:pypi/moin@1.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kv8-4wn6-yydy" }, { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-5hn2-1bvq-jfdh" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" }, { "vulnerability": "VCID-tkp3-e758-suhx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.6" } ], "aliases": [ "CVE-2012-6081", "GHSA-m2c4-jgmm-fvq3", "PYSEC-2013-6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4q2t-yhg6-k3dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35010?format=api", "vulnerability_id": "VCID-5hn2-1bvq-jfdh", "summary": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component.", "references": [ { "reference_url": 
"https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3715", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3715" }, { "reference_url": "http://www.securityfocus.com/bid/94259", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94259" }, { "reference_url": "http://www.ubuntu.com/usn/USN-3137-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-3137-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9453?format=api", "purl": "pkg:pypi/moin@1.9.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.9" } ], "aliases": [ "CVE-2016-7148", "PYSEC-2016-31" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5hn2-1bvq-jfdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34789?format=api", "vulnerability_id": "VCID-h1wf-35g5-5ucz", "summary": "Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. 
(dot dot) in a file name.", "references": [ { "reference_url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52" }, { "reference_url": "http://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/SecurityFixes" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" }, { "reference_url": "http://secunia.com/advisories/51663", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/51663" }, { "reference_url": "http://secunia.com/advisories/51676", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/51676" }, { "reference_url": "http://secunia.com/advisories/51696", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/51696" }, { "reference_url": "http://ubuntu.com/usn/usn-1680-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://ubuntu.com/usn/usn-1680-1" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2593", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2012/dsa-2593" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/12/30/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/6" }, { "reference_url": "http://www.securityfocus.com/bid/57076", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/57076" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7494?format=api", "purl": "pkg:pypi/moin@1.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-1kv8-4wn6-yydy" }, { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-5hn2-1bvq-jfdh" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" }, { "vulnerability": "VCID-tkp3-e758-suhx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.6" } ], "aliases": [ "CVE-2012-6080", "PYSEC-2013-5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h1wf-35g5-5ucz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35670?format=api", "vulnerability_id": "VCID-kjqq-u9hy-5yda", "summary": "The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.", "references": [ { "reference_url": "http://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/SecurityFixes" }, { "reference_url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4787", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4787" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18962?format=api", "purl": "pkg:pypi/moin@1.9.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.11" } ], 
"aliases": [ "CVE-2020-25074", "GHSA-52q8-877j-gghq", "PYSEC-2020-67" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjqq-u9hy-5yda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34777?format=api", "vulnerability_id": "VCID-qgm9-pnrw-p3ak", "summary": "security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as \"All,\" \"Known,\" or \"Trusted,\" which allows remote authenticated users with virtual group membership to be treated as a member of the group.", "references": [ { "reference_url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16" }, { "reference_url": "http://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/SecurityFixes" }, { "reference_url": "http://secunia.com/advisories/50474", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50474" }, { "reference_url": "http://secunia.com/advisories/50496", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50496" }, { "reference_url": "http://secunia.com/advisories/50885", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50885" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2538", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2012/dsa-2538" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/09/04/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/09/04/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/09/05/2", "reference_id": "", "reference_type": "", "scores": [], 
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/2" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1604-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-1604-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7397?format=api", "purl": "pkg:pypi/moin@1.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fak-dar5-tuet" }, { "vulnerability": "VCID-1kv8-4wn6-yydy" }, { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-3z75-azrr-2qac" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-4q2t-yhg6-k3dg" }, { "vulnerability": "VCID-5hn2-1bvq-jfdh" }, { "vulnerability": "VCID-h1wf-35g5-5ucz" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" }, { "vulnerability": "VCID-tkp3-e758-suhx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.5" } ], "aliases": [ "CVE-2012-4404", "PYSEC-2012-10" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qgm9-pnrw-p3ak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35019?format=api", "vulnerability_id": "VCID-tkp3-e758-suhx", "summary": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moinmo.in/SecurityFixes" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3715", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3715" }, { "reference_url": "http://www.securityfocus.com/bid/94501", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94501" }, { 
"reference_url": "http://www.ubuntu.com/usn/USN-3137-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-3137-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9452?format=api", "purl": "pkg:pypi/moin@1.9.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kv8-4wn6-yydy" }, { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-5hn2-1bvq-jfdh" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.8" } ], "aliases": [ "CVE-2016-9119", "PYSEC-2017-20" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkp3-e758-suhx" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34699?format=api", "vulnerability_id": "VCID-5dkr-jfqu-4kfq", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "reference_url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189" }, { "reference_url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "reference_url": 
"http://hg.moinmo.in/moin/1.9/rev/e50b087c4572", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "reference_url": "http://marc.info/?l=oss-security&m=127799369406968&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=oss-security&m=127799369406968&w=2" }, { "reference_url": "http://marc.info/?l=oss-security&m=127809682420259&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=oss-security&m=127809682420259&w=2" }, { "reference_url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" }, { "reference_url": "http://moinmo.in/MoinMoinRelease1.9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "reference_url": "http://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/SecurityFixes" }, { "reference_url": "http://secunia.com/advisories/40836", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/40836" }, { "reference_url": "http://www.debian.org/security/2010/dsa-2083", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2010/dsa-2083" }, { "reference_url": "http://www.securityfocus.com/bid/40549", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/40549" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1981", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/1981" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6981?format=api", "purl": "pkg:pypi/moin@1.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-1fak-dar5-tuet" }, { "vulnerability": "VCID-1kv8-4wn6-yydy" }, { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-3z75-azrr-2qac" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-4q2t-yhg6-k3dg" }, { "vulnerability": "VCID-5hn2-1bvq-jfdh" }, { "vulnerability": "VCID-h1wf-35g5-5ucz" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" }, { "vulnerability": "VCID-qgm9-pnrw-p3ak" }, { "vulnerability": "VCID-tkp3-e758-suhx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.3" } ], "aliases": [ "CVE-2010-2969", "PYSEC-2010-17" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dkr-jfqu-4kfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34693?format=api", "vulnerability_id": "VCID-8xsp-chsd-cfhp", "summary": "Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995" }, { "reference_url": "http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=578801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578801" }, { "reference_url": "http://secunia.com/advisories/39188", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/39188" }, { "reference_url": "http://secunia.com/advisories/39190", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/39190" }, { "reference_url": "http://secunia.com/advisories/39267", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/39267" }, { "reference_url": "http://secunia.com/advisories/39284", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/39284" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57435", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57435" }, { "reference_url": "https://github.com/moinwiki/moin", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moinwiki/moin" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-28.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-28.yaml" }, { "reference_url": "https://web.archive.org/web/20151017002542/http://secunia.com/advisories/39284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20151017002542/http://secunia.com/advisories/39284" }, { "reference_url": "https://web.archive.org/web/20151017033127/http://secunia.com/advisories/39267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20151017033127/http://secunia.com/advisories/39267" }, { "reference_url": "https://web.archive.org/web/20151017033557/http://secunia.com/advisories/39190", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20151017033557/http://secunia.com/advisories/39190" }, { "reference_url": "https://web.archive.org/web/20151104183344/http://secunia.com/advisories/39188", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20151104183344/http://secunia.com/advisories/39188" }, { "reference_url": "https://web.archive.org/web/20200228163431/http://www.securityfocus.com/bid/39110", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228163431/http://www.securityfocus.com/bid/39110" }, { "reference_url": "https://web.archive.org/web/20200228163432/http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228163432/http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca" }, { "reference_url": "https://web.archive.org/web/20220927220946/http://hg.moinmo.in/moin/1.9/rev/689e2b04bd4d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20220927220946/http://hg.moinmo.in/moin/1.9/rev/689e2b04bd4d" }, { "reference_url": "https://web.archive.org/web/20221003055226/http://hg.moinmo.in/moin/1.9/rev/788131dd21c3", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://web.archive.org/web/20221003055226/http://hg.moinmo.in/moin/1.9/rev/788131dd21c3" }, { "reference_url": "https://web.archive.org/web/20221025223621/http://hg.moinmo.in/moin/1.8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20221025223621/http://hg.moinmo.in/moin/1.8" }, { "reference_url": "https://www.debian.org/security/2010/dsa-2024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2010/dsa-2024" }, { "reference_url": "https://www.ubuntu.com/usn/USN-925-1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.ubuntu.com/usn/USN-925-1" }, { "reference_url": "http://www.debian.org/security/2010/dsa-2024", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2010/dsa-2024" }, { "reference_url": "http://www.securityfocus.com/bid/39110", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/39110" }, { "reference_url": "http://www.ubuntu.com/usn/USN-925-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-925-1" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0767", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/0767" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0831", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/0831" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/0834", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/0834" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0828", "reference_id": "CVE-2010-0828", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0828" }, { 
"reference_url": "https://github.com/advisories/GHSA-fc72-v54c-x9jg", "reference_id": "GHSA-fc72-v54c-x9jg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fc72-v54c-x9jg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7029?format=api", "purl": "pkg:pypi/moin@1.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/6981?format=api", "purl": "pkg:pypi/moin@1.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fak-dar5-tuet" }, { "vulnerability": "VCID-1kv8-4wn6-yydy" }, { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-3z75-azrr-2qac" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-4q2t-yhg6-k3dg" }, { "vulnerability": "VCID-5hn2-1bvq-jfdh" }, { "vulnerability": "VCID-h1wf-35g5-5ucz" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" }, { "vulnerability": "VCID-qgm9-pnrw-p3ak" }, { "vulnerability": "VCID-tkp3-e758-suhx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.3" } ], "aliases": [ "CVE-2010-0828", "GHSA-fc72-v54c-x9jg", "PYSEC-2010-28" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xsp-chsd-cfhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34700?format=api", "vulnerability_id": "VCID-9ck2-p7hx-4qex", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, 
and (10) action/recoverpass.py.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "reference_url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189" }, { "reference_url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES" }, { "reference_url": "http://hg.moinmo.in/moin/1.8/rev/4238b0c90871", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.8/rev/4238b0c90871" }, { "reference_url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "reference_url": "http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513" }, { "reference_url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "reference_url": "http://marc.info/?l=oss-security&m=127799369406968&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=oss-security&m=127799369406968&w=2" }, { "reference_url": "http://marc.info/?l=oss-security&m=127809682420259&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=oss-security&m=127809682420259&w=2" }, { "reference_url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" }, { "reference_url": "http://moinmo.in/MoinMoinRelease1.8", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "reference_url": "http://moinmo.in/MoinMoinRelease1.9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "reference_url": "http://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/SecurityFixes" }, { "reference_url": "http://secunia.com/advisories/40836", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/40836" }, { "reference_url": "http://www.debian.org/security/2010/dsa-2083", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2010/dsa-2083" }, { "reference_url": "http://www.securityfocus.com/bid/40549", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/40549" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1981", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/1981" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/7029?format=api", "purl": "pkg:pypi/moin@1.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/6981?format=api", "purl": "pkg:pypi/moin@1.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fak-dar5-tuet" }, { "vulnerability": "VCID-1kv8-4wn6-yydy" }, { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-3z75-azrr-2qac" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-4q2t-yhg6-k3dg" }, { "vulnerability": "VCID-5hn2-1bvq-jfdh" }, { 
"vulnerability": "VCID-h1wf-35g5-5ucz" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" }, { "vulnerability": "VCID-qgm9-pnrw-p3ak" }, { "vulnerability": "VCID-tkp3-e758-suhx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.3" } ], "aliases": [ "CVE-2010-2487", "PYSEC-2010-16" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ck2-p7hx-4qex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34726?format=api", "vulnerability_id": "VCID-aduk-vjjh-c3gc", "summary": "Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when \"format rst\" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html" }, { "reference_url": "http://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/SecurityFixes" }, { "reference_url": "http://secunia.com/advisories/43413", "reference_id": "", "reference_type": "", 
"scores": [], "url": "http://secunia.com/advisories/43413" }, { "reference_url": "http://secunia.com/advisories/43665", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43665" }, { "reference_url": "http://secunia.com/advisories/50885", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/50885" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65545" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2321", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2011/dsa-2321" }, { "reference_url": "http://www.securityfocus.com/bid/46476", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/46476" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1604-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-1604-1" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0455", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0455" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0571", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0571" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0588", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0588" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6981?format=api", "purl": "pkg:pypi/moin@1.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fak-dar5-tuet" }, { "vulnerability": "VCID-1kv8-4wn6-yydy" }, { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { 
"vulnerability": "VCID-3z75-azrr-2qac" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-4q2t-yhg6-k3dg" }, { "vulnerability": "VCID-5hn2-1bvq-jfdh" }, { "vulnerability": "VCID-h1wf-35g5-5ucz" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" }, { "vulnerability": "VCID-qgm9-pnrw-p3ak" }, { "vulnerability": "VCID-tkp3-e758-suhx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.3" } ], "aliases": [ "CVE-2011-1058", "PYSEC-2011-6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aduk-vjjh-c3gc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34698?format=api", "vulnerability_id": "VCID-xz41-zzdr-6ycb", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "reference_url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "reference_url": "http://hg.moinmo.in/moin/1.9/rev/4fe9951788cb", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.9/rev/4fe9951788cb" }, { "reference_url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572", "reference_id": "", "reference_type": "", "scores": [], "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "reference_url": "http://marc.info/?l=oss-security&m=127799369406968&w=2", "reference_id": "", "reference_type": "", "scores": 
[], "url": "http://marc.info/?l=oss-security&m=127799369406968&w=2" }, { "reference_url": "http://marc.info/?l=oss-security&m=127809682420259&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=oss-security&m=127809682420259&w=2" }, { "reference_url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" }, { "reference_url": "http://moinmo.in/MoinMoinRelease1.9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "reference_url": "http://moinmo.in/SecurityFixes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moinmo.in/SecurityFixes" }, { "reference_url": "http://secunia.com/advisories/40836", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/40836" }, { "reference_url": "http://www.debian.org/security/2010/dsa-2083", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2010/dsa-2083" }, { "reference_url": "http://www.securityfocus.com/bid/40549", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/40549" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1981", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/1981" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6981?format=api", "purl": "pkg:pypi/moin@1.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fak-dar5-tuet" }, { "vulnerability": "VCID-1kv8-4wn6-yydy" }, { "vulnerability": "VCID-2yaq-3m4p-q3bu" }, { "vulnerability": "VCID-3z75-azrr-2qac" }, { "vulnerability": "VCID-4fn8-ab2r-23dk" }, { "vulnerability": "VCID-4q2t-yhg6-k3dg" }, { "vulnerability": "VCID-5hn2-1bvq-jfdh" }, { 
"vulnerability": "VCID-h1wf-35g5-5ucz" }, { "vulnerability": "VCID-kjqq-u9hy-5yda" }, { "vulnerability": "VCID-qgm9-pnrw-p3ak" }, { "vulnerability": "VCID-tkp3-e758-suhx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.3" } ], "aliases": [ "CVE-2010-2970", "PYSEC-2010-18" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xz41-zzdr-6ycb" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.3" }