Published: 11/11/2020 Updated: 18/10/2022

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moinmo moinmoin

Two vulnerabilities were discovered in moin, a Python clone of WikiWiki CVE-2020-15275 Catarina Leite discovered that moin is prone to a stored XSS vulnerability via SVG attachments CVE-2020-25074 Michael Chapman discovered that moin is prone to a remote code execution vulnerability via the cache action For the stable distribut ...

CWE-79 https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2 https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43 https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11 https://advisory.checkmarx.net/advisory/CX-2020-4285 https://nvd.nist.gov https://www.debian.org/security/2020/dsa-4787

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-15275

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect