Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moinmoin moinmoin vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-15275
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are stro...
Moinmo Moinmoin
9.8
CVSSv3
CVE-2020-25074
The cache action in action/cache.py in MoinMoin up to and including 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
Moinmo Moinmoin
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2017-5934
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin prior to 1.9.10 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Moinmo Moinmoin
Opensuse Leap 42.3
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Opensuse Leap 15.0
6.1
CVSSv3
CVE-2016-9119
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin prior to 1.9.8 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Moinmo Moinmoin
Canonical Ubuntu Linux 16.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
6.1
CVSSv3
CVE-2016-7146
MoinMoin 1.9.8 allows remote malicious users to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via pag...
Moinmo Moinmoin 1.9.8
6.1
CVSSv3
CVE-2016-7148
MoinMoin 1.9.8 allows remote malicious users to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
Moinmo Moinmoin 1.9.8
NA
CVE-2012-6080
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 up to and including 1.9.5 allows remote malicious users to overwrite arbitrary files via a .. (dot dot) in a file name.
Moinmo Moinmoin 1.9.3
Moinmo Moinmoin 1.9.4
Moinmo Moinmoin 1.9.5
NA
CVE-2012-6081
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin prior to 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with a...
Moinmo Moinmoin 1.9.3
Moinmo Moinmoin 1.9.2
Moinmo Moinmoin 1.3.2
Moinmo Moinmoin 1.4
Moinmo Moinmoin 1.3.0
Moinmo Moinmoin 1.2.4
Moinmo Moinmoin 1.7.0
Moinmo Moinmoin 1.7.3
Moinmo Moinmoin 1.5.1
Moinmo Moinmoin 1.5.5
Moinmo Moinmoin 1.5.5a
Moinmo Moinmoin 1.8.7
Moinmo Moinmoin 1.8.0
Moinmo Moinmoin 1.5.0
Moinmo Moinmoin 0.7
Moinmo Moinmoin 0.4
Moinmo Moinmoin 0.1
Moinmo Moinmoin 1.9.4
Moinmo Moinmoin 1.3.5
Moinmo Moinmoin 1.2.1
Moinmo Moinmoin 1.2
Moinmo Moinmoin 1.0
2 EDB exploits
NA
CVE-2012-6495
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin prior to 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOT...
Moinmo Moinmoin
Moinmo Moinmoin 1.9.3
Moinmo Moinmoin 1.9.2
Moinmo Moinmoin 1.9.0
Moinmo Moinmoin 1.9.1
Moinmo Moinmoin 1.7.0
Moinmo Moinmoin 1.7.2
Moinmo Moinmoin 1.5.0
Moinmo Moinmoin 1.5.6
Moinmo Moinmoin 1.5.7
Moinmo Moinmoin 1.5.8
Moinmo Moinmoin 1.4
Moinmo Moinmoin 1.3.5
Moinmo Moinmoin 1.0
Moinmo Moinmoin 0.7
Moinmo Moinmoin 0.8
Moinmo Moinmoin 0.5
Moinmo Moinmoin 1.9.4
Moinmo Moinmoin 1.8.8
Moinmo Moinmoin 1.7.1
Moinmo Moinmoin 1.6.2
Moinmo Moinmoin 1.6.0
2 EDB exploits
NA
CVE-2012-6082
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote malicious users to inject arbitrary web script or HTML via the page name in a rss link.
Moinmo Moinmoin 1.9.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »