Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moinmo moinmoin vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2012-6080
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 up to and including 1.9.5 allows remote malicious users to overwrite arbitrary files via a .. (dot dot) in a file name.
Moinmo Moinmoin 1.9.3
Moinmo Moinmoin 1.9.4
Moinmo Moinmoin 1.9.5
383
VMScore
CVE-2010-2970
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x prior to 1.9.3 allow remote malicious users to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar...
Moinmo Moinmoin 1.9.2
Moinmo Moinmoin 1.9.0
Moinmo Moinmoin 1.9.1
605
VMScore
CVE-2008-6603
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote malicious users to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
Moinmo Moinmoin 1.6.2
Moinmo Moinmoin 1.7.0
312
VMScore
CVE-2010-0828
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
Moinmo Moinmoin 1.8.7
Moinmo Moinmoin 1.9.2
312
VMScore
CVE-2020-15275
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are stro...
Moinmo Moinmoin
383
VMScore
CVE-2016-7146
MoinMoin 1.9.8 allows remote malicious users to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via pag...
Moinmo Moinmoin 1.9.8
383
VMScore
CVE-2016-7148
MoinMoin 1.9.8 allows remote malicious users to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
Moinmo Moinmoin 1.9.8
383
VMScore
CVE-2012-6082
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote malicious users to inject arbitrary web script or HTML via the page name in a rss link.
Moinmo Moinmoin 1.9.5
445
VMScore
CVE-2010-0667
MoinMoin 1.9 prior to 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Moinmo Moinmoin 1.9.0
445
VMScore
CVE-2008-6548
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows malicious users to read unauthorized include files via unknown vectors.
Moinmo Moinmoin 1.6.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »