Vulnerabilities > Moinmo > Moinmoin

DATE CVE VULNERABILITY TITLE RISK
2020-11-11 CVE-2020-15275 Cross-site Scripting vulnerability in Moinmo Moinmoin
MoinMoin is a wiki engine.
network
low complexity
moinmo CWE-79
5.4
2020-11-10 CVE-2020-25074 Path Traversal vulnerability in multiple products
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request.
network
low complexity
moinmo debian CWE-22
7.5
2018-10-15 CVE-2017-5934 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2017-01-30 CVE-2016-9119 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2016-11-10 CVE-2016-7148 Cross-site Scripting vulnerability in Moinmo Moinmoin 1.9.8
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
network
moinmo CWE-79
4.3
2016-11-10 CVE-2016-7146 Cross-site Scripting vulnerability in Moinmo Moinmoin 1.9.8
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.
network
moinmo CWE-79
4.3
2013-01-03 CVE-2012-6495 Path Traversal vulnerability in Moinmo Moinmoin
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors.
network
moinmo CWE-22
6.0
2013-01-03 CVE-2012-6082 Cross-Site Scripting vulnerability in Moinmo Moinmoin 1.9.5
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.
network
moinmo CWE-79
4.3
2013-01-03 CVE-2012-6081 Arbitrary Code Execution vulnerability in MoinMoin
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
network
moinmo
6.0
2013-01-03 CVE-2012-6080 Path Traversal vulnerability in Moinmo Moinmoin 1.9.3/1.9.4/1.9.5
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a ..
network
low complexity
moinmo CWE-22
6.4