Vulnerabilities > Moinmo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-08-05 | CVE-2010-2970 | Cross-Site Scripting vulnerability in Moinmo Moinmoin 1.9.0/1.9.1/1.9.2 Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487. | 4.3 |
| 2010-08-05 | CVE-2010-2969 | Cross-Site Scripting vulnerability in Moinmo Moinmoin Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487. | 4.3 |
| 2010-08-05 | CVE-2010-2487 | Cross-Site Scripting vulnerability in Moinmo Moinmoin Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py. | 4.3 |
| 2010-04-05 | CVE-2010-1238 | Permissions, Privileges, and Access Controls vulnerability in Moinmo Moinmoin 1.7.1 MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values. | 5.0 |
| 2010-02-26 | CVE-2010-0668 | Security vulnerability in MoinMoin Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. network moinmo | 6.8 |
| 2010-02-26 | CVE-2010-0667 | Information Exposure vulnerability in Moinmo Moinmoin 1.9.0 MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2009-04-29 | CVE-2009-1482 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260. | 4.3 |
| 2009-04-03 | CVE-2008-6603 | Permissions, Privileges, and Access Controls vulnerability in Moinmo Moinmoin 1.6.2/1.7.0 MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937. | 6.8 |
| 2009-03-30 | CVE-2008-6549 | Unspecified vulnerability in Moinmo Moinmoin 1.6.1 The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors. | 5.0 |