Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moinmo moinmoin vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2010-2970
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x prior to 1.9.3 allow remote malicious users to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar...
Moinmo Moinmoin 1.9.2
Moinmo Moinmoin 1.9.0
Moinmo Moinmoin 1.9.1
6.4
CVSSv2
CVE-2012-6080
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 up to and including 1.9.5 allows remote malicious users to overwrite arbitrary files via a .. (dot dot) in a file name.
Moinmo Moinmoin 1.9.3
Moinmo Moinmoin 1.9.4
Moinmo Moinmoin 1.9.5
3.5
CVSSv2
CVE-2010-0828
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
Moinmo Moinmoin 1.8.7
Moinmo Moinmoin 1.9.2
6.8
CVSSv2
CVE-2008-6603
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote malicious users to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
Moinmo Moinmoin 1.6.2
Moinmo Moinmoin 1.7.0
3.5
CVSSv2
CVE-2020-15275
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are stro...
Moinmo Moinmoin
5
CVSSv2
CVE-2010-0667
MoinMoin 1.9 prior to 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Moinmo Moinmoin 1.9.0
5
CVSSv2
CVE-2008-6549
The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote malicious users to cause a denial of service (segmentation fault and crash) via unknown vectors.
Moinmo Moinmoin 1.6.1
5
CVSSv2
CVE-2008-6548
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows malicious users to read unauthorized include files via unknown vectors.
Moinmo Moinmoin 1.6.1
5
CVSSv2
CVE-2010-1238
MoinMoin 1.7.1 allows remote malicious users to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.
Moinmo Moinmoin 1.7.1
4.3
CVSSv2
CVE-2012-6082
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote malicious users to inject arbitrary web script or HTML via the page name in a rss link.
Moinmo Moinmoin 1.9.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »