MoinMoin prior to 20070507 does not properly enforce ACLs for calendars and includes, which allows remote malicious users to read certain pages via unspecified vectors.
A flaw was discovered in MoinMoin’s error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user’s authentication information
for the domain where MoinMoin was hosted (CVE-2007-2423) ...
Several remote vulnerabilities have been discovered in MoinMoin, a
Python clone of WikiWiki. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2007-2423
A cross-site-scripting vulnerability has been discovered in
attachment handling.
CVE-2007-2637
Access control lists for calendars and includes wer ...