Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moinmoin vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2010-0828
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
Moinmo Moinmoin 1.8.7
Moinmo Moinmoin 1.9.2
6.8
CVSSv2
CVE-2008-6603
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote malicious users to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
Moinmo Moinmoin 1.6.2
Moinmo Moinmoin 1.7.0
3.5
CVSSv2
CVE-2020-15275
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are stro...
Moinmo Moinmoin
4.3
CVSSv2
CVE-2012-6082
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote malicious users to inject arbitrary web script or HTML via the page name in a rss link.
Moinmo Moinmoin 1.9.5
4.3
CVSSv2
CVE-2016-7146
MoinMoin 1.9.8 allows remote malicious users to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via pag...
Moinmo Moinmoin 1.9.8
4.3
CVSSv2
CVE-2016-7148
MoinMoin 1.9.8 allows remote malicious users to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
Moinmo Moinmoin 1.9.8
5
CVSSv2
CVE-2008-6548
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows malicious users to read unauthorized include files via unknown vectors.
Moinmo Moinmoin 1.6.1
5
CVSSv2
CVE-2010-0667
MoinMoin 1.9 prior to 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Moinmo Moinmoin 1.9.0
5
CVSSv2
CVE-2008-6549
The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote malicious users to cause a denial of service (segmentation fault and crash) via unknown vectors.
Moinmo Moinmoin 1.6.1
5
CVSSv2
CVE-2010-1238
MoinMoin 1.7.1 allows remote malicious users to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.
Moinmo Moinmoin 1.7.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »