Vulnerabilities > Moinmo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-11 | CVE-2020-15275 | Cross-site Scripting vulnerability in Moinmo Moinmoin MoinMoin is a wiki engine. | 5.4 |
| 2020-11-10 | CVE-2020-25074 | Path Traversal vulnerability in multiple products The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. | 7.5 |
| 2018-10-15 | CVE-2017-5934 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2017-01-30 | CVE-2016-9119 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2016-11-10 | CVE-2016-7148 | Cross-site Scripting vulnerability in Moinmo Moinmoin 1.9.8 MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component. | 4.3 |
| 2016-11-10 | CVE-2016-7146 | Cross-site Scripting vulnerability in Moinmo Moinmoin 1.9.8 MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component. | 4.3 |
| 2013-01-03 | CVE-2012-6495 | Path Traversal vulnerability in Moinmo Moinmoin Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. | 6.0 |
| 2013-01-03 | CVE-2012-6082 | Cross-Site Scripting vulnerability in Moinmo Moinmoin 1.9.5 Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link. | 4.3 |
| 2013-01-03 | CVE-2012-6081 | Arbitrary Code Execution vulnerability in MoinMoin Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012. network moinmo | 6.0 |
| 2013-01-03 | CVE-2012-6080 | Path Traversal vulnerability in Moinmo Moinmoin 1.9.3/1.9.4/1.9.5 Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. | 6.4 |